Abstract
PurposeThis study examines voluntary cybersecurity risk disclosures (VCRD) by listed Indian companies. It also investigates how it relates to firm-specific characteristics such as size, leverage, profitability, liquidity, beta, market growth and industry.Design/methodology/approachThe extent of VCRD was measured by assessing the cumulative occurrence of cybersecurity risk keywords in the annual report of 100 listed Indian non-financial companies. Keyword extraction and occurrence counts were performed using Python software. A multiple regression analysis was applied to predict the characteristics of VCRD.FindingsThe results showed that the theoretical frameworks underpinned by agency and signalling theories continued to provide a valid explanation of VCRD by Indian companies. Specifically, the findings emphasized the importance of firm size, leverage, and beta as significant VCRD determinants. Additionally, the study found that knowledge-intensive industries had a favourable impact on the extent of VCRD.Research limitations/implicationsThis study is relevant because it informs company management, regulators and investors about the nature and characteristics of companies that satisfy stakeholder demands to prevent cyber breaches.Originality/valueUnderstanding disclosure characteristics is crucial from policy and regulatory perspectives. Studies on cybersecurity disclosures are related to developed economies such as the United States of America and Canada. This is the first study to explore this issue in a developing nation, in general, and in India, in particular, where cybersecurity risk disclosure has yet to be recognized.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call