PDF iconDownload This Paper
Open PDF in Browser
Add Paper to My Library
Permalink
Using these links will ensure access to this page indefinitely
Copy URL
Copy DOI

The Disclosure of Cybersecurity Risk

64 Pages Posted: 30 Nov 2017 Last revised: 25 Jun 2021

See all articles by James Nordlund

James Nordlund

affiliation not provided to SSRN

Date Written: June 25, 2021

Abstract

Following a data breach, interlocking firms are more likely to disclose exposure to cybersecurity risk in their annual report. Firms connected by auditors, via economic rivalry, or along a supply chain do not show similar disclosure propagation. The evidence suggests that disclosure propagation over interlocking firms is driven by a director’s self-interests or by a behavioral response to cybersecurity risk saliency, rather than by an improved monitoring for risk exposure. This finding sheds insight into the expanding length of risk factor disclosures and suggests that not all of this growth may be in the best interests of shareholders.

Keywords: risk factor disclosure, corporate director, cybersecurity, data breach, corporate governance

JEL Classification: G34

Suggested Citation

Nordlund, James, The Disclosure of Cybersecurity Risk (June 25, 2021). Available at SSRN: https://ssrn.com/abstract=3077632 or http://dx.doi.org/10.2139/ssrn.3077632

James Nordlund (Contact Author)

affiliation not provided to SSRN

PDF iconDownload This Paper
Open PDF in Browser

Do you have a job opening that you would like to promote on SSRN?

Place Job Opening

Paper statistics

Downloads
358
Abstract Views
1,663
rank
116,587
12 References
PlumX Metrics

Related eJournals