IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v24y2013i2p201-218.html
   My bibliography  Save this article

The Association Between the Disclosure and the Realization of Information Security Risk Factors

Author

Listed:
  • Tawei Wang

    (School of Accountancy, Shidler College of Business, University of Hawaii at Manoa, Honolulu, Hawaii 96822)

  • Karthik N. Kannan

    (Krannert Graduate School of Management, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, Indiana 47907)

  • Jackie Rees Ulmer

    (Krannert Graduate School of Management, Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, Indiana 47907)

Abstract

Firms often disclose information security risk factors in public filings such as 10-K reports. The internal information associated with disclosures may be positive or negative. In this paper, we evaluate how the nature of the disclosed security risk factors, believed to represent the firm's internal information regarding information security, is associated with future breach announcements reported in the media. For this purpose, we build a decision tree model, which classifies the occurrence of future security breaches based on the textual contents of the disclosed security risk factors. The model is able to accurately associate disclosure characteristics with breach announcements about 77% of the time. We further explore the contents of the security risk factors using text-mining techniques to provide a richer interpretation of the results. The results show that the disclosed security risk factors with risk-mitigation themes are less likely to be related to future breach announcements. We also investigate how the market interprets the nature of information security risk factors in annual reports. We find that the market reaction following the security breach announcement is different depending on the nature of the preceding disclosure. Thus, our paper contributes to the literature in information security and sheds light on how market participants can better interpret security risk factors disclosed in financial reports at the time when financial reports are released.

Suggested Citation

  • Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    • Handle: RePEc:inm:orisre:v:24:y:2013:i:2:p:201-218
    DOI: 10.1287/isre.1120.0437
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.1120.0437
    Download Restriction: no
    File URL: https://libkey.io/10.1287/isre.1120.0437?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Imbens, Guido W, 1992. "An Efficient Method of Moments Estimator for Discrete Choice Models with Choice-Based Sampling," Econometrica, Econometric Society, vol. 60(5), pages 1187-1214, September.
    2. Skinner, Dj, 1994. "Why Firms Voluntarily Disclose Bad-News," Journal of Accounting Research, Wiley Blackwell, vol. 32(1), pages 38-60.
    3. Grossman, Sanford J, 1981. "The Informational Role of Warranties and Private Disclosure about Product Quality," Journal of Law and Economics, University of Chicago Press, vol. 24(3), pages 461-483, December.
    4. Esmeralda Ramalho & Joaquim Ramalho, 2006. "Bias-Corrected Moment-Based Estimators for Parametric Models Under Endogenous Stratified Sampling," Econometric Reviews, Taylor & Francis Journals, vol. 25(4), pages 475-496.
    5. Stock, James H & Wright, Jonathan H & Yogo, Motohiro, 2002. "A Survey of Weak Instruments and Weak Identification in Generalized Method of Moments," Journal of Business & Economic Statistics, American Statistical Association, vol. 20(4), pages 518-529, October.
    6. Tanaka, Hideyuki & Matsuura, Kanta & Sudoh, Osamu, 2005. "Vulnerability and information security investment: An empirical analysis of e-local government in Japan," Journal of Accounting and Public Policy, Elsevier, vol. 24(1), pages 37-59.
    7. Verrecchia, Robert E., 2001. "Essays on disclosure," Journal of Accounting and Economics, Elsevier, vol. 32(1-3), pages 97-180, December.
    8. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    9. Li, Feng, 2008. "Annual report readability, current earnings, and earnings persistence," Journal of Accounting and Economics, Elsevier, vol. 45(2-3), pages 221-247, August.
    10. Paul R. Milgrom, 1981. "Good News and Bad News: Representation Theorems and Applications," Bell Journal of Economics, The RAND Corporation, vol. 12(2), pages 380-391, Autumn.
    11. Jingguo Wang & Aby Chaudhury & H. Raghav Rao, 2008. "Research Note ---A Value-at-Risk Approach to Information Security Investment," Information Systems Research, INFORMS, vol. 19(1), pages 106-120, March.
    12. Paul C. Tetlock & Maytal Saar‐Tsechansky & Sofus Macskassy, 2008. "More Than Words: Quantifying Language to Measure Firms' Fundamentals," Journal of Finance, American Finance Association, vol. 63(3), pages 1437-1467, June.
    13. King, Gary & Zeng, Langche, 2001. "Logistic Regression in Rare Events Data," Political Analysis, Cambridge University Press, vol. 9(2), pages 137-163, January.
    14. Dye, Ra, 1985. "Disclosure Of Nonproprietary Information," Journal of Accounting Research, Wiley Blackwell, vol. 23(1), pages 123-145.
    15. Til Schuermann, 2005. "A review of recent books on credit risk," Journal of Applied Econometrics, John Wiley & Sons, Ltd., vol. 20(1), pages 123-130.
    16. Andreas Jobst, 2007. "Operational Risk: The Sting is Still in the Tail But the Poison Dependson the Dose," IMF Working Papers 2007/239, International Monetary Fund.
    17. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    18. Mark Cecchini & Haldun Aytug & Gary J. Koehler & Praveen Pathak, 2010. "Detecting Management Fraud in Public Companies," Management Science, INFORMS, vol. 56(7), pages 1146-1160, July.
    19. Hughes, J.S.John S. & Pae, Suil, 2004. "Voluntary disclosure of precision information," Journal of Accounting and Economics, Elsevier, vol. 37(2), pages 261-289, June.
    20. Field, Laura & Lowry, Michelle & Shu, Susan, 2005. "Does disclosure deter or trigger litigation?," Journal of Accounting and Economics, Elsevier, vol. 39(3), pages 487-507, September.
    21. Fama, Eugene F & French, Kenneth R, 1992. "The Cross-Section of Expected Stock Returns," Journal of Finance, American Finance Association, vol. 47(2), pages 427-465, June.
    22. Larcker, David F. & Rusticus, Tjomme O., 2010. "On the use of instrumental variables in accounting research," Journal of Accounting and Economics, Elsevier, vol. 49(3), pages 186-205, April.
    23. Cosslett, Stephen R, 1981. "Maximum Likelihood Estimator for Choice-Based Samples," Econometrica, Econometric Society, vol. 49(5), pages 1289-1316, September.
    24. Andrews,Donald W. K. & Stock,James H. (ed.), 2005. "Identification and Inference for Econometric Models," Cambridge Books, Cambridge University Press, number 9780521844413, October.
    25. Robert Tibshirani & Guenther Walther & Trevor Hastie, 2001. "Estimating the number of clusters in a data set via the gap statistic," Journal of the Royal Statistical Society Series B, Royal Statistical Society, vol. 63(2), pages 411-423.
    26. Bart Baesens & Rudy Setiono & Christophe Mues & Jan Vanthienen, 2003. "Using Neural Network Rule Extraction and Decision Tables for Credit-Risk Evaluation," Management Science, INFORMS, vol. 49(3), pages 312-329, March.
    27. Mark Bagnoli & Susan G. Watts, 2007. "Financial Reporting and Supplemental Voluntary Disclosures," Journal of Accounting Research, Wiley Blackwell, vol. 45(5), pages 885-913, December.
    28. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    29. Richard J. Herring, 2002. "The Basel II approach to bank operational risk: regulation on the wrong track," Proceedings 826, Federal Reserve Bank of Chicago.
    30. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    31. Imbens, Guido W, 1992. "An Efficient Method of Moments Estimator for Discrete Choice Models with Choice-Based Sampling," Econometrica, Econometric Society, vol. 60(5), pages 1187-1214, September.
    32. Brown, Stephen J. & Warner, Jerold B., 1985. "Using daily stock returns : The case of event studies," Journal of Financial Economics, Elsevier, vol. 14(1), pages 3-31, March.
    33. Francis, J & Philbrick, D & Schipper, K, 1994. "Shareholder Litigation And Corporate Disclosures," Journal of Accounting Research, Wiley Blackwell, vol. 32(2), pages 137-164.
    34. Paul C. Tetlock, 2007. "Giving Content to Investor Sentiment: The Role of Media in the Stock Market," Journal of Finance, American Finance Association, vol. 62(3), pages 1139-1168, June.
    35. Dye, Ronald A., 2001. "An evaluation of "essays on disclosure" and the disclosure literature in accounting," Journal of Accounting and Economics, Elsevier, vol. 32(1-3), pages 181-235, December.
    36. Tim Loughran & Bill Mcdonald, 2011. "When Is a Liability Not a Liability? Textual Analysis, Dictionaries, and 10‐Ks," Journal of Finance, American Finance Association, vol. 66(1), pages 35-65, February.
    37. Bamber, Linda Smith & Barron, Orie E. & Stober, Thomas L., 1999. "Differential Interpretations and Trading Volume," Journal of Financial and Quantitative Analysis, Cambridge University Press, vol. 34(3), pages 369-386, September.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Beyer, Anne & Cohen, Daniel A. & Lys, Thomas Z. & Walther, Beverly R., 2010. "The financial reporting environment: Review of the recent literature," Journal of Accounting and Economics, Elsevier, vol. 50(2-3), pages 296-343, December.
    2. Renato Camodeca & Alex Almici & Umberto Sagliaschi, 2018. "Sustainability Disclosure in Integrated Reporting: Does It Matter to Investors? A Cheap Talk Approach," Sustainability, MDPI, vol. 10(12), pages 1-34, November.
    3. Pae, Suil, 2005. "Selective disclosures in the presence of uncertainty about information endowment," Journal of Accounting and Economics, Elsevier, vol. 39(3), pages 383-409, September.
    4. Stephan Hollander & Maarten Pronk & Erik Roelofsen, 2010. "Does Silence Speak? An Empirical Analysis of Disclosure Choices During Conference Calls," Journal of Accounting Research, Wiley Blackwell, vol. 48(3), pages 531-563, June.
    5. Christian Leuz & Peter D. Wysocki, 2016. "The Economics of Disclosure and Financial Reporting Regulation: Evidence and Suggestions for Future Research," Journal of Accounting Research, Wiley Blackwell, vol. 54(2), pages 525-622, May.
    6. Jesse A. Ellis & C. Edward Fee & Shawn E. Thomas, 2012. "Proprietary Costs and the Disclosure of Information About Customers," Journal of Accounting Research, Wiley Blackwell, vol. 50(3), pages 685-727, June.
    7. Agapova, Anna & Volkov, Nikanor, 2019. "Guidance on strategic information: Investor-management disagreement and firm intrinsic value," Journal of Banking & Finance, Elsevier, vol. 108(C).
    8. Price, S. McKay & Doran, James S. & Peterson, David R. & Bliss, Barbara A., 2012. "Earnings conference calls and stock returns: The incremental informativeness of textual tone," Journal of Banking & Finance, Elsevier, vol. 36(4), pages 992-1011.
    9. Hanley, Kathleen Weiss & Hoberg, Gerard, 2012. "Litigation risk, strategic disclosure and the underpricing of initial public offerings," Journal of Financial Economics, Elsevier, vol. 103(2), pages 235-254.
    10. Konrad Lang, 2018. "Voluntary Disclosure and Analyst Forecast," European Accounting Review, Taylor & Francis Journals, vol. 27(1), pages 23-36, January.
    11. Suijs, Jeroen, 2007. "Voluntary disclosure of information when firms are uncertain of investor response," Journal of Accounting and Economics, Elsevier, vol. 43(2-3), pages 391-410, July.
    12. Sung Gon Chung & Beng Wee Goh & Jeffrey Ng & Kevin Ow Yong, 2017. "Voluntary fair value disclosures beyond SFAS 157’s three-level estimates," Review of Accounting Studies, Springer, vol. 22(1), pages 430-468, March.
    13. Imhof, Michael J & Seavey, Scott E., 2018. "How investors value cash and cash flows when managers commit to providing earnings forecasts," Advances in accounting, Elsevier, vol. 41(C), pages 74-87.
    14. Heitzman, Shane & Wasley, Charles & Zimmerman, Jerold, 2010. "The joint effects of materiality thresholds and voluntary disclosure incentives on firms' disclosure decisions," Journal of Accounting and Economics, Elsevier, vol. 49(1-2), pages 109-132, February.
    15. Kelvin K. F. Law & Lillian F. Mills, 2015. "Taxes and Financial Constraints: Evidence from Linguistic Cues," Journal of Accounting Research, Wiley Blackwell, vol. 53(4), pages 777-819, September.
    16. Liebmann, Michael & Orlov, Alexei G. & Neumann, Dirk, 2016. "The tone of financial news and the perceptions of stock and CDS traders," International Review of Financial Analysis, Elsevier, vol. 46(C), pages 159-175.
    17. E. Cheynel & M. Liu-Watts, 2020. "A simple structural estimator of disclosure costs," Review of Accounting Studies, Springer, vol. 25(1), pages 201-245, March.
    18. Praveen Kumar & Nisan Langberg & K. Sivaramakrishnan, 2012. "Voluntary Disclosures, Corporate Control, and Investment," Journal of Accounting Research, Wiley Blackwell, vol. 50(4), pages 1041-1076, September.
    19. Daniel Aobdia, 2018. "Employee mobility, noncompete agreements, product-market competition, and company disclosure," Review of Accounting Studies, Springer, vol. 23(1), pages 296-346, March.
    20. Hans B. Christensen & Luzi Hail & Christian Leuz, 2021. "Mandatory CSR and sustainability reporting: economic analysis and literature review," Review of Accounting Studies, Springer, vol. 26(3), pages 1176-1248, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:24:y:2013:i:2:p:201-218. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.