Evolution of Cybersecurity Disclosure

58 Pages Posted: 1 Sep 2023

See all articles by Maryam Firoozi

Maryam Firoozi

affiliation not provided to SSRN

Sana Mohsni

Carleton University - Sprott School of Business


To keep firms accountable and more transparent about their cyber risks and cyber risk management practices, regulators have recently issued guidelines on cybersecurity disclosure. Currently, our understanding of how firms disclose this information, the drivers of such disclosures, and the role of policies in this area are still in their infancy. In this study, we investigate cybersecurity disclosure practices of a randomly selected sample of firms (based on industry and size) from the Toronto Stock Exchange. Our study uses an in-depth manual content analysis of corporate reports to measure cybersecurity disclosure over a seven-year period. Overall, our results show a significant increase in cybersecurity disclosure after the Canadian Securities Administrators issued a guidance for cybersecurity disclosure in 2017. In addition, Canadian firms’ cybersecurity disclosure depends on firm characteristics and areas of cybersecurity, with a lot of room for improvement. Specifically, disclosure related to governance of cybersecurity and measures taken to mitigate cyber risks can be significantly improved. This study contributes to our understanding of how policies shape cybersecurity transparency.

Keywords: Cybersecurity Disclosure, Cyber Risks, IT Governance, corporate governance

Suggested Citation

Firoozi, Maryam and Mohsni, Sana, Evolution of Cybersecurity Disclosure. Available at SSRN: https://ssrn.com/abstract=4559167 or http://dx.doi.org/10.2139/ssrn.4559167

Maryam Firoozi (Contact Author)

affiliation not provided to SSRN ( email )

No Address Available

Sana Mohsni

Carleton University - Sprott School of Business ( email )

1125 Colonel By Drive
810 Dunton Tower
Ottawa, Ontario K1S SB6

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics