The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical evidence
Author
Abstract
Suggested Citation
DOI: 10.1016/j.rie.2022.07.001
Download full text from publisher
As the access to this document is restricted, you may want to search for a different version of it.
References listed on IDEAS
- Chris E. Hogan & Michael S. Wilkins, 2008. "Evidence on the Audit Risk Model: Do Auditors Increase Audit Fees in the Presence of Internal Control Deficiencies?," Contemporary Accounting Research, John Wiley & Sons, vol. 25(1), pages 219-242, March.
- Benaroch, Michel & Chernobai, Anna & Goldstein, James, 2012. "An internal control perspective on the market value consequences of IT operational risk events," International Journal of Accounting Information Systems, Elsevier, vol. 13(4), pages 357-381.
- John Ziyang Zhang & Yangxin Yu, 2016. "Does Board Independence Affect Audit Fees? Evidence from Recent Regulatory Reforms," European Accounting Review, Taylor & Francis Journals, vol. 25(4), pages 793-814, October.
- Md. Shariful Islam & Nusrat Farah & Thomas F. Stafford, 2018. "Factors associated with security/cybersecurity audit by internal audit function," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 377-409, April.
- Austen, Lizabeth A. & Eilifsen, Aasmund & Messier Jr., William F., 2004. "Auditor Detected Misstatements and the Effect of Information Technology," Discussion Papers 2004/1, Norwegian School of Economics, Department of Business and Management Science.
- Esther Gal-Or & Anindya Ghose, 2005.
"The Economic Incentives for Sharing Security Information,"
Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
- Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Industrial Organization 0503004, University Library of Munich, Germany.
- Chernobai, Anna & Jorion, Philippe & Yu, Fan, 2011. "The Determinants of Operational Risk in U.S. Financial Institutions," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 46(6), pages 1683-1725, December.
- Saini Das & Arunabha Mukhopadhyay & Manoj Anand, 2012. "Stock Market Response to Information Security Breach: A Study Using Firm and Attack Characteristics," Journal of Information Privacy and Security, Taylor & Francis Journals, vol. 8(4), pages 27-55, October.
- Hausken, Kjell, 2006. "Income, interdependence, and substitution effects affecting incentives for security investment," Journal of Accounting and Public Policy, Elsevier, vol. 25(6), pages 629-665.
- Doyle, Jeffrey & Ge, Weili & McVay, Sarah, 2007. "Determinants of weaknesses in internal control over financial reporting," Journal of Accounting and Economics, Elsevier, vol. 44(1-2), pages 193-223, September.
- Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
- Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
- Rick Johnston & Reining Petacchi, 2017. "Regulatory Oversight of Financial Reporting: Securities and Exchange Commission Comment Letters," Contemporary Accounting Research, John Wiley & Sons, vol. 34(2), pages 1128-1155, June.
- Pierangelo Rosati & Fabian Gogolin & Theo Lynn, 2019. "Audit Firm Assessments of Cyber-Security Risk: Evidence from Audit Fees and SEC Comment Letters," The International Journal of Accounting (TIJA), World Scientific Publishing Co. Pte. Ltd., vol. 54(03), pages 1-56, September.
- Anat Hovav & John D'Arcy, 2003. "The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(2), pages 97-121, September.
- Xue Wang, 2010. "Increased Disclosure Requirements and Corporate Governance Decisions: Evidence from Chief Financial Officers in the Pre‐ and Post–Sarbanes‐Oxley Periods," Journal of Accounting Research, Wiley Blackwell, vol. 48(4), pages 885-920, September.
- Rosati, Pierangelo & Deeney, Peter & Cummins, Mark & van der Werff, Lisa & Lynn, Theo, 2019. "Social media and stock price reaction to data breach announcements: Evidence from US listed companies," Research in International Business and Finance, Elsevier, vol. 47(C), pages 458-469.
- Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
- Wang, Tawei & Hsu, Carol, 2013. "Board composition and operational risk events of financial institutions," Journal of Banking & Finance, Elsevier, vol. 37(6), pages 2042-2051.
- Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
- repec:cup:jfinqa:v:46:y:2011:i:06:p:1683-1725_00 is not listed on IDEAS
- Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
- Paul Hribar & D. Craig Nichols, 2007. "The Use of Unsigned Earnings Quality Measures in Tests of Earnings Management," Journal of Accounting Research, Wiley Blackwell, vol. 45(5), pages 1017-1053, December.
- Xia Chen & Qiang Cheng & Alvis K. Lo, 2013. "Accounting Restatements and External Financing Choices," Contemporary Accounting Research, John Wiley & Sons, vol. 30(2), pages 750-779, June.
- Palmrose, Zoe-Vonna & Richardson, Vernon J. & Scholz, Susan, 2004. "Determinants of market reactions to restatement announcements," Journal of Accounting and Economics, Elsevier, vol. 37(1), pages 59-89, February.
- DeAngelo, Linda Elizabeth, 1981. "Auditor size and audit quality," Journal of Accounting and Economics, Elsevier, vol. 3(3), pages 183-199, December.
- Ilia D. Dichev & Douglas J. Skinner, 2002. "Large–Sample Evidence on the Debt Covenant Hypothesis," Journal of Accounting Research, Wiley Blackwell, vol. 40(4), pages 1091-1123, September.
- DeFond, Mark L. & Jiambalvo, James, 1994. "Debt covenant violation and manipulation of accruals," Journal of Accounting and Economics, Elsevier, vol. 17(1-2), pages 145-176, January.
- Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
- Mark L. Defond & Clive S. Lennox, 2017. "Do PCAOB Inspections Improve the Quality of Internal Control Audits?," Journal of Accounting Research, Wiley Blackwell, vol. 55(3), pages 591-627, June.
- Miles B. Gietzmann & Angela K. Pettinicchio, 2014. "External Auditor Reassessment of Client Business Risk Following the Issuance of a Comment Letter by the SEC," European Accounting Review, Taylor & Francis Journals, vol. 23(1), pages 57-85, May.
Citations
Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
Cited by:
- Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
Most related items
These are the items that most often cite the same works as this one and are cited by the same works as this one.- Lin, Zhaoxin & Sapp, Travis R.A. & Ulmer, Jackie Rees & Parsa, Rahul, 2020. "Insider trading ahead of cyber breach announcements," Journal of Financial Markets, Elsevier, vol. 50(C).
- Oliver Henk, 2020. "Internal control through the lens of institutional work: a systematic literature review," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 31(3), pages 239-273, September.
- Dechow, Patricia & Ge, Weili & Schrand, Catherine, 2010. "Understanding earnings quality: A review of the proxies, their determinants and their consequences," Journal of Accounting and Economics, Elsevier, vol. 50(2-3), pages 344-401, December.
- Casey, Ryan J. & Kaplan, Steven E. & Pinello, Arianna Spina, 2015. "Do auditors constrain benchmark beating behavior to a greater extent in the fourth versus interim quarters?," Advances in accounting, Elsevier, vol. 31(1), pages 1-10.
- Sylvie Héroux & Anne Fortin, 2024. "Board of directors’ attributes and aspects of cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 28(2), pages 359-404, June.
- Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
- Syed Emad Azhar Ali & Fong-Woon Lai & Rohail Hassan & Muhammad Kashif Shad, 2021. "The Long-Run Impact of Information Security Breach Announcements on Investors’ Confidence: The Context of Efficient Market Hypothesis," Sustainability, MDPI, vol. 13(3), pages 1-27, January.
- Matthew Notbohm & Katherine Campbell & Adam R. Smedema & Tianming Zhang, 2019. "Management’s personal ideology and financial reporting quality," Review of Quantitative Finance and Accounting, Springer, vol. 52(2), pages 521-571, February.
- Michael McShane & Trung Nguyen, 2020. "Time-varying effects of cyberattacks on firm value," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 580-615, October.
- Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
- Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
- Mohamed Khalil & Aydin Ozkan, 2016. "Board Independence, Audit Quality and Earnings Management: Evidence from Egypt," Journal of Emerging Market Finance, Institute for Financial Management and Research, vol. 15(1), pages 84-118, April.
- Fung, Simon Y.K. & Goodwin, John, 2013. "Short-term debt maturity, monitoring and accruals-based earnings management," Journal of Contemporary Accounting and Economics, Elsevier, vol. 9(1), pages 67-82.
- Chantziaras, Antonios & Koulikidou, Kleopatra & Leventis, Stergios, 2021. "The power of words in capital markets: SEC comment letters on foreign issuers and the impact of home country enforcement," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 42(C).
- Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
- Jian Cao & Feng Chen & Julia L. Higgs, 2016. "Late for a very important date: financial reporting and audit implications of late 10-K filings," Review of Accounting Studies, Springer, vol. 21(2), pages 633-671, June.
- Lu Wei & Jianping Li & Xiaoqian Zhu, 2018. "Operational Loss Data Collection: A Literature Review," Annals of Data Science, Springer, vol. 5(3), pages 313-337, September.
- Gil S. Bae & Seung UK Choi & Phillip T. Lamoreaux & Jae Eun Lee, 2021. "Auditors' Fee Premiums and Low‐Quality Internal Controls," Contemporary Accounting Research, John Wiley & Sons, vol. 38(1), pages 586-620, March.
- Todd D. Kravet & Sarah E. McVay & David P. Weber, 2018. "Costs and benefits of internal control audits: evidence from M&A transactions," Review of Accounting Studies, Springer, vol. 23(4), pages 1389-1423, December.
- Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
More about this item
Keywords
Cybersecurity; Cybersecurity risk disclosure; Financial reporting; Data breaches;All these keywords.
JEL classification:
- G14 - Financial Economics - - General Financial Markets - - - Information and Market Efficiency; Event Studies; Insider Trading
- G15 - Financial Economics - - General Financial Markets - - - International Financial Markets
- G31 - Financial Economics - - Corporate Finance and Governance - - - Capital Budgeting; Fixed Investment and Inventory Studies
- C52 - Mathematical and Quantitative Methods - - Econometric Modeling - - - Model Evaluation, Validation, and Selection
Statistics
Access and download statisticsCorrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reecon:v:76:y:2022:i:2:p:131-140. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/inca/622941 .
Please note that corrections may take a couple of weeks to filter through the various RePEc services.