IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v38y2020ics1467089520300361.html
   My bibliography  Save this article

Public companies' cybersecurity risk disclosures

Author

Listed:
  • Gao, Lei
  • Calderon, Thomas G.
  • Tang, Fengchun

Abstract

Though cybersecurity risks are significant and could materially affect business operations and the integrity of financial reporting, there is limited empirical research on the cybersecurity risk disclosure trends and practices of public companies. In this study, we conduct a longitudinal study of the content and linguistic characteristics of public companies' cybersecurity risk disclosure practices as well as factors that may drive disclosure trends. The results show that the two most commonly disclosed cybersecurity risks are risks of service/operation disruption and risks of data breach. Item 1A of the 10-K Report is the most commonly used disclosure location, but some companies also use Items 1 and 7 to disclose regulation risks and cyber incidents, respectively. The length of cybersecurity risk disclosures increases linearly during the period of our study. This increase is associated with the issuance of SEC guidance (2011 and 2018), industry, overall cybersecurity risks in the general environment, company size, and prior cybersecurity breach incidents. Disclosures have also become more difficult to read in general. They are more difficult to read as firm size increases and are easier to read as the proportion of intangible assets increases or after an executive change. Firms have increased their usage of litigious words in their disclosures. Bigger firms, on average, tend to use less litigious language, but companies in industries with high business information technology intensity (e.g., consumer services, software and services, and banking) tend to use more litigious language than other companies.

Suggested Citation

  • Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    • Handle: RePEc:eee:ijoais:v:38:y:2020:i:c:s1467089520300361
    DOI: 10.1016/j.accinf.2020.100468
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089520300361
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2020.100468?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Hooks, Jill & van Staden, Chris J., 2011. "Evaluating environmental disclosures: The relationship between quality and extent measures," The British Accounting Review, Elsevier, vol. 43(3), pages 200-213.
    2. Merve Kılıç & Cemil Kuzey, 2018. "Determinants of forward-looking disclosures in integrated reporting," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(1), pages 115-144, January.
    3. Hany Elzahar & Khaled Hussainey, 2012. "Determinants of narrative risk disclosures in UK interim reports," Journal of Risk Finance, Emerald Group Publishing, vol. 13(2), pages 133-147, February.
    4. Anil Arya & Brian Mittendorf & Dae‐Hee Yoon, 2019. "Public Disclosures in the Presence of Suppliers and Competitors," Contemporary Accounting Research, John Wiley & Sons, vol. 36(2), pages 758-772, June.
    5. Bloomfield, Robert, 2008. "Discussion of "Annual report readability, current earnings, and earnings persistence"," Journal of Accounting and Economics, Elsevier, vol. 45(2-3), pages 248-252, August.
    6. Kristina Rennekamp, 2012. "Processing Fluency and Investors’ Reactions to Disclosure Readability," Journal of Accounting Research, Wiley Blackwell, vol. 50(5), pages 1319-1354, December.
    7. Dulacha G. Barako & Phil Hancock & H. Y. Izan, 2006. "Factors Influencing Voluntary Corporate Disclosure by Kenyan Companies," Corporate Governance: An International Review, Wiley Blackwell, vol. 14(2), pages 107-125, March.
    8. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    9. Leuz, C & Verrecchia, RE, 2000. "The economic consequences of increased disclosure," Journal of Accounting Research, Wiley Blackwell, vol. 38, pages 91-124.
    10. Kathleen Weiss Hanley & Gerard Hoberg, 2019. "Dynamic Interpretation of Emerging Risks in the Financial Sector," The Review of Financial Studies, Society for Financial Studies, vol. 32(12), pages 4543-4603.
    11. Brian J. Bushee & Ian D. Gow & Daniel J. Taylor, 2018. "Linguistic Complexity in Firm Disclosures: Obfuscation or Information?," Journal of Accounting Research, Wiley Blackwell, vol. 56(1), pages 85-121, March.
    12. Yang Bao & Anindya Datta, 2014. "Simultaneously Discovering and Quantifying Risk Types from Textual Risk Disclosures," Management Science, INFORMS, vol. 60(6), pages 1371-1391, June.
    13. Karen K. Nelson & A. C. Pritchard, 2016. "Carrot or Stick? The Shift from Voluntary to Mandatory Disclosure of Risk Factors," Journal of Empirical Legal Studies, John Wiley & Sons, vol. 13(2), pages 266-297, June.
    14. Doris M. Merkl-Davies & Niamh Brennan, 2007. "Discretionary disclosure strategies in corporate narratives : incremental information or impression management?," Open Access publications 10197/2907, Research Repository, University College Dublin.
    15. Harold Hassink & Meinderd Vries & Laury Bollen, 2007. "A Content Analysis of Whistleblowing Policies of Leading European Companies," Journal of Business Ethics, Springer, vol. 75(1), pages 25-44, September.
    16. Tim Loughran & Bill Mcdonald, 2016. "Textual Analysis in Accounting and Finance: A Survey," Journal of Accounting Research, Wiley Blackwell, vol. 54(4), pages 1187-1230, September.
    17. Lori Holder-Webb & Jeffrey Cohen & Leda Nath & David Wood, 2009. "The Supply of Corporate Social Responsibility Disclosures Among U.S. Firms," Journal of Business Ethics, Springer, vol. 84(4), pages 497-527, February.
    18. Hichem Khlif & Khaled Hussainey, 2016. "The association between risk disclosure and firm characteristics: a meta-analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(2), pages 181-211, February.
    19. Tzu‐Ting Chiu & Jeong‐Bon Kim & Zheng Wang, 2019. "Customers’ Risk Factor Disclosures and Suppliers’ Investment Efficiency," Contemporary Accounting Research, John Wiley & Sons, vol. 36(2), pages 773-804, June.
    20. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    21. Tim Loughran & Bill Mcdonald, 2011. "When Is a Liability Not a Liability? Textual Analysis, Dictionaries, and 10‐Ks," Journal of Finance, American Finance Association, vol. 66(1), pages 35-65, February.
    22. Hasseldine, J. & Salama, A.I. & Toms, J.S., 2005. "Quantity versus quality: the impact of environmental disclosures on the reputations of UK Plcs," The British Accounting Review, Elsevier, vol. 37(2), pages 231-248.
    23. Field, Laura & Lowry, Michelle & Shu, Susan, 2005. "Does disclosure deter or trigger litigation?," Journal of Accounting and Economics, Elsevier, vol. 39(3), pages 487-507, September.
    24. Jonas Oliveira & Lúcia Lima Rodrigues & Russell Craig, 2011. "Risk-related disclosures by non-finance companies: Portuguese practices and disclosure characteristics," Managerial Auditing Journal, Emerald Group Publishing, vol. 26(9), pages 817-839, October.
    25. Beck, A. Cornelia & Campbell, David & Shrives, Philip J., 2010. "Content analysis in environmental reporting research: Enrichment and rehearsal of the method in a British–German context," The British Accounting Review, Elsevier, vol. 42(3), pages 207-222.
    26. Michael Spence, 1973. "Job Market Signaling," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 87(3), pages 355-374.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Maryam Firoozi & Sana Mohsni, 2023. "Cybersecurity disclosure in the banking industry: a comparative study," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 20(4), pages 451-477, December.
    2. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).
    3. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    4. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nerissa C. Brown & Richard M. Crowley & W. Brooke Elliott, 2020. "What Are You Saying? Using topic to Detect Financial Misreporting," Journal of Accounting Research, Wiley Blackwell, vol. 58(1), pages 237-291, March.
    2. Michele Gendelsky de Oliveira & Graça Azevedo & Jonas Oliveira, 2021. "The Relationship between the Company’s Value and the Tone of the Risk-Related Narratives: The Case of Portugal," Economies, MDPI, vol. 9(2), pages 1-28, May.
    3. Umar, Tarik, 2022. "Complexity aversion when SeekingAlpha," Journal of Accounting and Economics, Elsevier, vol. 73(2).
    4. Kevin Koh & Heather Li & Yen H. Tong, 2023. "Corporate social responsibility (CSR) performance and stakeholder engagement: Evidence from the quantity and quality of CSR disclosures," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(2), pages 504-517, March.
    5. Danial Hemmings & Lynn Hodgkinson & Gwion Williams, 2020. "It's OK to pay well, if you write well: The effects of remuneration disclosure readability," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 47(5-6), pages 547-586, May.
    6. Jin, Zuben, 2024. "Business aspects in focus, investor underreaction and return predictability," Journal of Corporate Finance, Elsevier, vol. 84(C).
    7. Pastwa, Anna M. & Shrestha, Prabal & Thewissen, James & Torsin, Wouter, 2021. "Unpacking the black box of ICO white papers: a topic modeling approach," LIDAM Discussion Papers LFIN 2021018, Université catholique de Louvain, Louvain Finance (LFIN).
    8. Xi Fu & Xiaoxi Wu & Zhifang Zhang, 2021. "The Information Role of Earnings Conference Call Tone: Evidence from Stock Price Crash Risk," Journal of Business Ethics, Springer, vol. 173(3), pages 643-660, October.
    9. Renato Camodeca & Alex Almici & Umberto Sagliaschi, 2018. "Sustainability Disclosure in Integrated Reporting: Does It Matter to Investors? A Cheap Talk Approach," Sustainability, MDPI, vol. 10(12), pages 1-34, November.
    10. Berkin, Anil & Aerts, Walter & Van Caneghem, Tom, 2023. "Feasibility analysis of machine learning for performance-related attributional statements," International Journal of Accounting Information Systems, Elsevier, vol. 48(C).
    11. Ntim, Collins G. & Lindop, Sarah & Thomas, Dennis A., 2013. "Corporate governance and risk reporting in South Africa: A study of corporate risk disclosures in the pre- and post-2007/2008 global financial crisis periods," International Review of Financial Analysis, Elsevier, vol. 30(C), pages 363-383.
    12. Rjiba, Hatem & Saadi, Samir & Boubaker, Sabri & Ding, Xiaoya (Sara), 2021. "Annual report readability and the cost of equity capital," Journal of Corporate Finance, Elsevier, vol. 67(C).
    13. Blankespoor, Elizabeth & deHaan, Ed & Marinovic, Iván, 2020. "Disclosure processing costs, investors’ information choice, and equity market outcomes: A review," Journal of Accounting and Economics, Elsevier, vol. 70(2).
    14. Ridhima Saggar & Balwinder Singh, 2019. "Drivers of Corporate Risk Disclosure in Indian Non-financial Companies: A Longitudinal Approach," Management and Labour Studies, XLRI Jamshedpur, School of Business Management & Human Resources, vol. 44(3), pages 303-325, August.
    15. Gambacorta, Leonardo & Polizzi, Salvatore & Reghezza, Alessio & Scannella, Enzo, 2023. "Do banks practice what they preach? Brown lending and environmental disclosure in the euro area," CEPR Discussion Papers 18623, C.E.P.R. Discussion Papers.
    16. Leonardo Gambacorta & Salvatore Polizzi & Alessio Reghezza & Enzo Scannella, 2023. "Do banks practice what they preach? Brown lending and environmental disclosure in the euro area," BIS Working Papers 1143, Bank for International Settlements.
    17. Soliman, Marwa & Ben-Amar, Walid, 2022. "Corporate social responsibility orientation and textual features of financial disclosures," International Review of Financial Analysis, Elsevier, vol. 84(C).
    18. Nadine Gatzert & Dinah Heidinger, 2020. "An Empirical Analysis of Market Reactions to the First Solvency and Financial Condition Reports in the European Insurance Industry," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 87(2), pages 407-436, June.
    19. de Souza, João Antônio Salvador & Rissatti, Jean Carlo & Rover, Suliani & Borba, José Alonso, 2019. "The linguistic complexities of narrative accounting disclosure on financial statements: An analysis based on readability characteristics," Research in International Business and Finance, Elsevier, vol. 48(C), pages 59-74.
    20. Simon Fritzsch & Philipp Scharner & Gregor Weiß, 2021. "Estimating the relation between digitalization and the market value of insurers," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 88(3), pages 529-567, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:38:y:2020:i:c:s1467089520300361. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.