Corporate Cybersecurity and the Impact of State-Level Cyber Laws

31 Pages Posted: 9 Jan 2025

See all articles by Jonathan Jona

Jonathan Jona

University of New Mexico - Robert O. Anderson Schools of Management

Naomi S. Soderstrom

University of Melbourne

Chao Kevin Li

The University of Adelaide

Abstract

In the United States, laws at the federal level regarding cybersecurity have historically left cybersecurity protection primarily up to individual companies, with regulations focused more on disclosure of cyber events rather than on their prevention. Although the Federal approach to cybersecurity regulation is changing under the Biden administration, specific regulatory changes will take time to be developed and implemented. As a result of the approach to cybersecurity at the federal level, many states have passed their own cybersecurity laws. This paper explores how differences in corporate qualitative disclosures related to cybersecurity awareness impact how the market responds to passage of the laws. We argue that because the expected costs for companies to comply with the laws will vary according to the “business friendliness” of the state, the effect of law passage on market valuation will be stronger for democratic majority (“blue”) states since laws in these states are likely to address different aspects of cybersecurity and are more likely to be enforced. Results are consistent with our expectations, with a more positive valuation for firms with existing cyber mitigation and results focused in blue states.

Keywords: Cybersecurity awareness, Disclosure, Market valuations, State Laws.

Suggested Citation

Jona, Jonathan and Soderstrom, Naomi S. and Li, Chao, Corporate Cybersecurity and the Impact of State-Level Cyber Laws. Available at SSRN: https://ssrn.com/abstract=5090305 or http://dx.doi.org/10.2139/ssrn.5090305

Jonathan Jona (Contact Author)

University of New Mexico - Robert O. Anderson Schools of Management ( email )

Albuquerque, NM 87131
United States

Naomi S. Soderstrom

University of Melbourne ( email )

Victoria
Melbourne, 3010
Australia

Chao Li

The University of Adelaide ( email )

Adelaide, 5005
Australia

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
37
Abstract Views
94
PlumX Metrics