The Impact of Country Institutional Factors on Firm Disclosure: Cybersecurity Disclosures in Chinese Cross-Listed Firms
32 Pages Posted: 4 Sep 2021 Last revised: 7 Sep 2021
Date Written: September 1, 2021
Protection of intellectual property and sensitive data on customers pose significant challenges in the current economy. The institutional setting for cybersecurity differs tremendously by country. In China, the government plays a central role in overseeing cybersecurity. In the US, however, cybersecurity protection has been primarily left up to individual companies, with regulations focused more on disclosure of cyber events rather than on their prevention. This paper explores differences in qualitative disclosures reflecting cybersecurity awareness between Chinese firms that cross-list in the US and their US domestic counterparts. We argue that the Chinese firms frame disclosures based upon the context of the Chinese institutional setting. Consistent with the strong regulatory framework in China externalizing cybersecurity and thus reducing the need to disclose individual company cybersecurity awareness, we find that Chinese firms have lower levels of cybersecurity disclosure. Market valuation of this qualitative disclosure is higher for Chinese cross-listed firms than for US firms, suggesting that the market favorably views Chinese firm disclosures that communicate a greater level of internalized cybersecurity awareness. To further explore the effect of institutional setting on market valuation of cybersecurity awareness, we perform an event study for the time period surrounding arrest of Huawei’s CFO. This event potentially challenged the effectiveness of Chinese cybersecurity policies since cybersecurity weaknesses at the company were highlighted. We find a negative stock market reaction to the event, but only for Chinese companies. Our results thus provide evidence that the market’s view of company cybersecurity awareness is sensitive to changes in perceptions of the company’s institutional setting.
Keywords: Cybersecurity awareness, Disclosure, Market valuations, Cross-listing, China
JEL Classification: M41
Suggested Citation: Suggested Citation