Do Firms Underreport Information on Cyber-Attacks? Evidence from Capital Markets

52 Pages Posted: 12 Mar 2018 Last revised: 22 Jun 2018

See all articles by Eli Amir

Eli Amir

Tel Aviv University

Shai Levi

Tel Aviv University

Tsafrir Livne

Tel Aviv University - Coller School of Management

Date Written: June 7, 2018

Abstract

Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.

Keywords: Cyber-attacks, data breaches, disclosure

JEL Classification: G41, G14

Suggested Citation

Amir, Eli and Levi, Shai and Livne, Tsafrir, Do Firms Underreport Information on Cyber-Attacks? Evidence from Capital Markets (June 7, 2018). Review of Accounting Studies, Forthcoming, Available at SSRN: https://ssrn.com/abstract=3136193 or http://dx.doi.org/10.2139/ssrn.3136193

Eli Amir

Tel Aviv University ( email )

312 Recanati Bldg.
69978 Tel Aviv
Israel
+972 3 640-8510 (Phone)
+972 3 640-7738 (Fax)

Shai Levi (Contact Author)

Tel Aviv University ( email )

Tel Aviv, 69978
Israel

Tsafrir Livne

Tel Aviv University - Coller School of Management ( email )

Tel Aviv
Israel

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
486
Abstract Views
2,882
Rank
107,146
PlumX Metrics