The Disclosure of Cybersecurity Risk

64 Pages Posted: 30 Nov 2017 Last revised: 25 Jun 2021

Date Written: June 25, 2021

Abstract

Following a data breach, interlocking firms are more likely to disclose exposure to cybersecurity risk in their annual report. Firms connected by auditors, via economic rivalry, or along a supply chain do not show similar disclosure propagation. The evidence suggests that disclosure propagation over interlocking firms is driven by a director’s self-interests or by a behavioral response to cybersecurity risk saliency, rather than by an improved monitoring for risk exposure. This finding sheds insight into the expanding length of risk factor disclosures and suggests that not all of this growth may be in the best interests of shareholders.

Keywords: risk factor disclosure, corporate director, cybersecurity, data breach, corporate governance

JEL Classification: G34

Suggested Citation

Nordlund, James, The Disclosure of Cybersecurity Risk (June 25, 2021). Available at SSRN: https://ssrn.com/abstract=3077632 or http://dx.doi.org/10.2139/ssrn.3077632

James Nordlund (Contact Author)

Louisiana State University ( email )

2163 CEBA
Baton Rouge, LA 70803
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
207
Abstract Views
1,262
rank
180,461
PlumX Metrics