The Disclosure of Cybersecurity Risk

55 Pages Posted: 30 Nov 2017 Last revised: 13 Feb 2020

Date Written: October 15, 2019


The SEC has expressed concern that some emerging risks - most notably, cybersecurity risk - exhibit an insufficient level and quality of disclosure. Policymakers envision a board role in cybersecurity risk management, but whether that role would effectively improve risk disclosure is an open question. This paper uses a quasi-natural experiment to investigate whether expertise at the board of directors affects cybersecurity risk disclosure. I find that the level and quality of risk disclosure increases when the board has more knowledge about the risk. Thus, board expertise contributes in the identification and disclosure of emerging risk.

Keywords: risk factor disclosure, corporate director, cybersecurity, data breach, corporate governance

JEL Classification: G34

Suggested Citation

Nordlund, James, The Disclosure of Cybersecurity Risk (October 15, 2019). Available at SSRN: or

James Nordlund (Contact Author)

Louisiana State University ( email )

2163 CEBA
Baton Rouge, LA 70803
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics