The Disclosure of Cybersecurity Risk
55 Pages Posted: 30 Nov 2017 Last revised: 13 Feb 2020
Date Written: October 15, 2019
The SEC has expressed concern that some emerging risks - most notably, cybersecurity risk - exhibit an insufficient level and quality of disclosure. Policymakers envision a board role in cybersecurity risk management, but whether that role would effectively improve risk disclosure is an open question. This paper uses a quasi-natural experiment to investigate whether expertise at the board of directors affects cybersecurity risk disclosure. I find that the level and quality of risk disclosure increases when the board has more knowledge about the risk. Thus, board expertise contributes in the identification and disclosure of emerging risk.
Keywords: risk factor disclosure, corporate director, cybersecurity, data breach, corporate governance
JEL Classification: G34
Suggested Citation: Suggested Citation