Insider Trading and Disclosure: The Case of Cyberattacks
37 Pages Posted: 16 Apr 2019
Date Written: March 7, 2019
We examine the relation between insider trading and corporate disclosure of cyberattacks. We distinguish between companies that voluntarily disclosed cyberattacks and those that withheld information on the incidents, and parties outside the attacked company later discovered the incident. We find insiders sell stocks in cases their firm withholds information on the cyberattack from investors. However, in firms that voluntarily disclosed information about the attack, we find insiders are less likely to sell shares when information is still private. We also find that managers are less likely to withhold and sell stocks in states that require companies to disclose data breaches to the state attorney general. The requirement to disclose a breach to the state attorney marks the breach as a significant event, on which insiders are less likely to trade before disclosure because of higher litigation risk. When disclosure requirements are less strict and disclosure is virtually voluntary, insiders trade after withholding information on the cyberattack. The results demonstrate the relation between disclosure and insider trading, and in particular show managers are more (less) likely to trade on private information that they know the company will withhold (disclose).
Keywords: insider trading, disclosure, cyberattacks, data breaches
Suggested Citation: Suggested Citation