Predicting Cybersecurity Incidents Through Mandatory Disclosure Regulation

Illinois Journal of Law, Technology, and Policy

62 Pages Posted: 14 Nov 2020 Last revised: 5 May 2022

See all articles by Aniket Kesari

Aniket Kesari

Fordham University School of Law

Date Written: March 2, 2022

Abstract

Cybersecurity risk is an increasingly common concern for organizations
that collect and maintain vast troves of data. In 2011, the United States
Securities and Exchange Commission (SEC) provided guidelines for how
publicly traded companies should convey these risks to potential investors. But
does this mandatory disclosure regime effectively serve this purpose in the
cybersecurity context? This Article uses machine learning and natural language
processing techniques to analyze firms’ mandatory risk disclosure statements,
predict which firms are at the greatest risk of suffering cybersecurity incidents,
and evaluate how well disclosure meets the goals of the broad regulatory
regime. More broadly, this study highlights the potential for using legally
mandated disclosures to bolster regulatory efforts, particularly in the context of
prediction policy problems.

Keywords: cybersecurity, prediction policy problems, empirical legal studies

Suggested Citation

Kesari, Aniket, Predicting Cybersecurity Incidents Through Mandatory Disclosure Regulation (March 2, 2022). Illinois Journal of Law, Technology, and Policy , Available at SSRN: https://ssrn.com/abstract=3700243 or http://dx.doi.org/10.2139/ssrn.3700243

Aniket Kesari (Contact Author)

Fordham University School of Law ( email )

140 West 62nd Street
New York, NY 10023
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
218
Abstract Views
805
Rank
259,557
PlumX Metrics