Evolution of Cybersecurity Disclosure
58 Pages Posted: 1 Sep 2023
To keep firms accountable and more transparent about their cyber risks and cyber risk management practices, regulators have recently issued guidelines on cybersecurity disclosure. Currently, our understanding of how firms disclose this information, the drivers of such disclosures, and the role of policies in this area is still in its infancy. In this study, we investigate cybersecurity disclosure practices of a randomly selected sample of firms (based on industry and size) from the Toronto Stock Exchange. Our study uses an in-depth manual content analysis of corporate reports to measure cybersecurity disclosure over a seven-year period. Overall, our results show a significant increase in cybersecurity disclosure after the Canadian Securities Administrators issued guidance on cybersecurity disclosure in 2017. In addition, Canadian firms’ cybersecurity disclosure depends on firm characteristics and areas of cybersecurity, with a lot of room for improvement. Specifically, disclosure related to governance of cybersecurity and measures taken to mitigate cyber risks can be significantly improved. This study contributes to our understanding of how policies shape cybersecurity transparency.
Keywords: Cybersecurity Disclosure, Cyber Risks, IT Governance, Corporate Governance