The Disclosure of Cybersecurity Risk

55 Pages Posted: 30 Nov 2017 Last revised: 13 Feb 2020

See all articles by James Nordlund

James Nordlund

Louisiana State University, Baton Rouge - Department of Finance

Date Written: October 15, 2019

Abstract

The SEC has expressed concern that some emerging risks - most notably, cybersecurity risk - exhibit an insufficient level and quality of disclosure. Policymakers envision a board role in cybersecurity risk management, but whether that role would effectively improve risk disclosure is an open question. This paper uses a quasi-natural experiment to investigate whether expertise at the board of directors affects cybersecurity risk disclosure. I find that the level and quality of risk disclosure increases when the board has more knowledge about the risk. Thus, board expertise contributes in the identification and disclosure of emerging risk.

Keywords: risk factor disclosure, corporate director, cybersecurity, data breach, corporate governance

JEL Classification: G34

Suggested Citation

Nordlund, James, The Disclosure of Cybersecurity Risk (October 15, 2019). Available at SSRN: https://ssrn.com/abstract=3077632 or http://dx.doi.org/10.2139/ssrn.3077632

James Nordlund (Contact Author)

Louisiana State University, Baton Rouge - Department of Finance ( email )

2163 CEBA
Baton Rouge, LA 70803
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
110
Abstract Views
682
rank
257,637
PlumX Metrics