If You Cannot Measure It, You Cannot Manage It: Assessing the Quality of Cybersecurity Risk Disclosure through Textual Imagification

44 Pages Posted: 2 Nov 2019

See all articles by Arion Cheong

Arion Cheong

Rutgers Business School

Soohyun Cho

Rutgers, The State University of New Jersey

Won Gyun No

Rutgers, The State University of New Jersey - Accounting & Information Systems

Miklos A. Vasarhelyi

Rutgers Business School

Date Written: October 23, 2019

Abstract

Cybersecurity threats can exert significant adverse effects on a company’s performance, necessitating that stakeholders make an effort to understand the risks related to the companies with which they conduct business. However, since a company’s relative exposure to cybersecurity risks is related to both identified potential cybersecurity risks as well as previous cyberattacks (and efforts to mitigate future attacks), an accurate assessment of the level of a company’s cybersecurity risk can pose a daunting challenge. In this paper, we suggest a methodology to measure a company’s cybersecurity risks by focusing on its disclosed cybersecurity risks, aggregating said risks and ultimately assessing them in a comprehensive manner. Specifically, we use text analytics to examine the cybersecurity risk disclosures of companies. Then, by applying Textual Imagification (TI) and a new approach derived from machine learning techniques, we develop a measurement mechanism for cybersecurity risks for individual companies. By providing measures of cybersecurity risks across companies, we can facilitate the decision-making processes of stakeholders by allowing them to access and compare cybersecurity risks, thereby improving the social welfare of market participants.

Keywords: Cybersecurity risks, Text analytics, Machine learning, Measurement mechanism

JEL Classification: C65, M40, M42, M48, O31

Suggested Citation

Cheong, Arion and Cho, Soohyun and No, Won Gyun and Vasarhelyi, Miklos A., If You Cannot Measure It, You Cannot Manage It: Assessing the Quality of Cybersecurity Risk Disclosure through Textual Imagification (October 23, 2019). Available at SSRN: https://ssrn.com/abstract=3474575 or http://dx.doi.org/10.2139/ssrn.3474575

Arion Cheong (Contact Author)

Rutgers Business School ( email )

1 Washington Park
Newark, NJ 07102
United States
5512333387 (Phone)

Soohyun Cho

Rutgers, The State University of New Jersey ( email )

One Washington Place, 906
Newark, NJ 07102
United States

Won Gyun No

Rutgers, The State University of New Jersey - Accounting & Information Systems

1 Washington Park, Room 993
Newark, NJ 07102-3122
United States

Miklos A. Vasarhelyi

Rutgers Business School ( email )

180 University Avenue
Ackerson Hall, Room 315
Newark, NJ 07102
United States
973-353-5002 (Phone)
973-353-1283 (Fax)

Register to save articles to
your library

Register

Paper statistics

Downloads
65
Abstract Views
225
rank
350,633
PlumX Metrics