IDEAS home Printed from https://ideas.repec.org/a/kap/jbuset/v187y2023i1d10.1007_s10551-022-05107-z.html
   My bibliography  Save this article

Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach

Author

Listed:
  • Jing Chen

    (Stevens Institute of Technology)

  • Elaine Henry

    (Stevens Institute of Technology)

  • Xi Jiang

    (Stevens Institute of Technology)

Abstract

By examining managers’ decisions about disclosing updated assessments of firms’ risks, we present evidence that the risk factor disclosures are informative. We use the setting of cybersecurity risk factor disclosures after a data breach because data breaches, especially severe breaches, serve as a natural experiment where an exogenous shock to managers’ assessment of their firm’s cybersecurity risks occurs. We analyze the topic from the perspective of two different theoretical lenses: the economic lens of optimal risk exposure and the ethical lens of stakeholder theory. Using a sample of firms experiencing data breaches, we find that firms experiencing a data breach increase the amount of cybersecurity risk factor disclosures compared to matched firms with no data breach. Further investigation reveals that the severity of data breaches affects the results; cybersecurity risk factor disclosures increase only after severe data breaches. While there is no significant market reaction if breached firms’ subsequent annual reports include increased cybersecurity risk factor disclosures, a significant negative market reaction occurs if breached firms decrease cybersecurity risk factor disclosures, regardless of the severity of the breach, implying that the market anticipates increased disclosures after data breaches.

Suggested Citation

  • Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
  • Handle: RePEc:kap:jbuset:v:187:y:2023:i:1:d:10.1007_s10551-022-05107-z
    DOI: 10.1007/s10551-022-05107-z
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10551-022-05107-z
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.

    File URL: https://libkey.io/10.1007/s10551-022-05107-z?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Skinner, Dj, 1994. "Why Firms Voluntarily Disclose Bad-News," Journal of Accounting Research, Wiley Blackwell, vol. 32(1), pages 38-60.
    2. Nagar, Venky & Nanda, Dhananjay & Wysocki, Peter, 2003. "Discretionary disclosure and stock-based incentives," Journal of Accounting and Economics, Elsevier, vol. 34(1-3), pages 283-309, January.
    3. Benjamin E. Hermalin & Michael S. Weisbach, 2012. "Information Disclosure and Corporate Governance," Journal of Finance, American Finance Association, vol. 67(1), pages 195-234, February.
    4. Karen K. Nelson & A. C. Pritchard, 2016. "Carrot or Stick? The Shift from Voluntary to Mandatory Disclosure of Risk Factors," Journal of Empirical Legal Studies, John Wiley & Sons, vol. 13(2), pages 266-297, June.
    5. Kim, Irene & Skinner, Douglas J., 2012. "Measuring securities litigation risk," Journal of Accounting and Economics, Elsevier, vol. 53(1), pages 290-310.
    6. Vivian W. Fang & Allen H. Huang & Jonathan M. Karpoff, 2016. "Short Selling and Earnings Management: A Controlled Experiment," Journal of Finance, American Finance Association, vol. 71(3), pages 1251-1294, June.
    7. Anne Beatty & Lin Cheng & Haiwen Zhang, 2019. "Are Risk Factor Disclosures Still Relevant? Evidence from Market Reactions to Risk Factor Disclosures Before and After the Financial Crisis," Contemporary Accounting Research, John Wiley & Sons, vol. 36(2), pages 805-838, June.
    8. Ole-Kristian Hope & Danqi Hu & Hai Lu, 2016. "The benefits of specific risk-factor disclosures," Review of Accounting Studies, Springer, vol. 21(4), pages 1005-1045, December.
    9. Diamond, Douglas W & Verrecchia, Robert E, 1991. "Disclosure, Liquidity, and the Cost of Capital," Journal of Finance, American Finance Association, vol. 46(4), pages 1325-1359, September.
    10. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    11. Eli Amir & Shai Levi & Tsafrir Livne, 2018. "Do firms underreport information on cyber-attacks? Evidence from capital markets," Review of Accounting Studies, Springer, vol. 23(3), pages 1177-1206, September.
    12. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    13. Sasha Romanosky & David Hoffman & Alessandro Acquisti, 2014. "Empirical Analysis of Data Breach Litigation," Journal of Empirical Legal Studies, John Wiley & Sons, vol. 11(1), pages 74-104, March.
    14. Healy, Paul M. & Palepu, Krishna G., 2001. "Information asymmetry, corporate disclosure, and the capital markets: A review of the empirical disclosure literature," Journal of Accounting and Economics, Elsevier, vol. 31(1-3), pages 405-440, September.
    15. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    16. John L. Campbell & Mark Cecchini & Anna M. Cianci & Anne C. Ehinger & Edward M. Werner, 2019. "Tax-related mandatory risk factor disclosures, future profitability, and stock returns," Review of Accounting Studies, Springer, vol. 24(1), pages 264-308, March.
    17. Lisa Baudot & Zhongwei Huang & Dana Wallace, 2021. "Stakeholder Perceptions of Risk in Mandatory Corporate Responsibility Disclosure," Journal of Business Ethics, Springer, vol. 172(1), pages 151-174, August.
    18. Fields, Thomas D. & Lys, Thomas Z. & Vincent, Linda, 2001. "Empirical research on accounting choice," Journal of Accounting and Economics, Elsevier, vol. 31(1-3), pages 255-307, September.
    19. Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    20. Tzu‐Ting Chiu & Yuyan Guan & Jeong‐Bon Kim, 2018. "The Effect of Risk Factor Disclosures on the Pricing of Credit Default Swaps," Contemporary Accounting Research, John Wiley & Sons, vol. 35(4), pages 2191-2224, December.
    21. Wicks, Andrew C. & Gilbert, Daniel R. & Freeman, R. Edward, 1994. "A Feminist Reinterpretation of The Stakeholder Concept," Business Ethics Quarterly, Cambridge University Press, vol. 4(4), pages 475-497, October.
    22. Marie Racine & Craig Wilson & Michael Wynes, 2020. "The Value of Apology: How do Corporate Apologies Moderate the Stock Market Reaction to Non-Financial Corporate Crises?," Journal of Business Ethics, Springer, vol. 163(3), pages 485-505, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Gabriel Arquelau Pimenta Rodrigues & André Luiz Marques Serrano & Guilherme Fay Vergara & Robson de Oliveira Albuquerque & Georges Daniel Amvame Nze, 2024. "Impact, Compliance, and Countermeasures in Relation to Data Breaches in Publicly Traded U.S. Companies," Future Internet, MDPI, vol. 16(6), pages 1-32, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Albring, Susan M. & Xu, Xiaolu, 2018. "Management earnings forecasts, managerial incentives, and risk-taking," Advances in accounting, Elsevier, vol. 42(C), pages 48-69.
    2. Graham, John R. & Harvey, Campbell R. & Rajgopal, Shiva, 2005. "The economic implications of corporate financial reporting," Journal of Accounting and Economics, Elsevier, vol. 40(1-3), pages 3-73, December.
    3. Allen H. Huang & Jianghua Shen & Amy Y. Zang, 2022. "The unintended benefit of the risk factor mandate of 2005," Review of Accounting Studies, Springer, vol. 27(4), pages 1319-1355, December.
    4. Hans B. Christensen & Luzi Hail & Christian Leuz, 2021. "Mandatory CSR and sustainability reporting: economic analysis and literature review," Review of Accounting Studies, Springer, vol. 26(3), pages 1176-1248, September.
    5. Imhof, Michael J & Seavey, Scott E., 2018. "How investors value cash and cash flows when managers commit to providing earnings forecasts," Advances in accounting, Elsevier, vol. 41(C), pages 74-87.
    6. Billings, Mary Brooke & Cedergren, Matthew C., 2015. "Strategic silence, insider selling and litigation risk," Journal of Accounting and Economics, Elsevier, vol. 59(2), pages 119-142.
    7. Iatridis, George & Valahi, Styliani, 2010. "Voluntary IAS 1 accounting disclosures prior to official IAS adoption: An empirical investigation of UK firms," Research in International Business and Finance, Elsevier, vol. 24(1), pages 1-14, January.
    8. Richard Chung & Bryan Byung-Hee Lee & Woo-Jong Lee & Byungcherl Charlie Sohn, 2016. "Do Managers Withhold Good News from Labor Unions?," Management Science, INFORMS, vol. 62(1), pages 46-68, January.
    9. Inder K. Khurana & Yinghua Li & Wei Wang, 2018. "The Effects of Hedge Fund Interventions on Strategic Firm Behavior," Management Science, INFORMS, vol. 64(9), pages 4094-4117, September.
    10. Ling Tuo & Ji Yu & Yu Zhang, 2020. "How do industry peers influence individual firms’ voluntary disclosure strategies?," Review of Quantitative Finance and Accounting, Springer, vol. 54(3), pages 911-956, April.
    11. Habib, Ahsan & Jiang, Haiyan & Bhuiyan, Md. Borhan Uddin & Islam, Ainul, 2014. "Litigation risk, financial reporting and auditing: A survey of the literature," Research in Accounting Regulation, Elsevier, vol. 26(2), pages 145-163.
    12. Nikolaev, V. & van Lent, L.A.G.M., 2005. "The Endogeneity Bias in the Relation Between Cost-of-Debt Capital and Corporate Disclosure Policy," Other publications TiSEM 5960a342-0adc-4f85-bf87-2, Tilburg University, School of Economics and Management.
    13. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    14. Beyer, Anne & Cohen, Daniel A. & Lys, Thomas Z. & Walther, Beverly R., 2010. "The financial reporting environment: Review of the recent literature," Journal of Accounting and Economics, Elsevier, vol. 50(2-3), pages 296-343, December.
    15. Schoenfeld, Jordan, 2017. "The effect of voluntary disclosure on stock liquidity: New evidence from index funds," Journal of Accounting and Economics, Elsevier, vol. 63(1), pages 51-74.
    16. Heitzman, Shane & Wasley, Charles & Zimmerman, Jerold, 2010. "The joint effects of materiality thresholds and voluntary disclosure incentives on firms' disclosure decisions," Journal of Accounting and Economics, Elsevier, vol. 49(1-2), pages 109-132, February.
    17. Chauhan, Yogesh & Kumar, Surya B., 2018. "Do investors value the nonfinancial disclosure in emerging markets?," Emerging Markets Review, Elsevier, vol. 37(C), pages 32-46.
    18. Chen, Zhihong & Li, Oliver Zhen & Zou, Hong, 2016. "Directors׳ and officers׳ liability insurance and the cost of equity," Journal of Accounting and Economics, Elsevier, vol. 61(1), pages 100-120.
    19. Nikolaev, V. & van Lent, L.A.G.M., 2005. "The Endogeneity Bias in the Relation Between Cost-of-Debt Capital and Corporate Disclosure Policy," Discussion Paper 2005-67, Tilburg University, Center for Economic Research.
    20. Qiang Cheng & Young Jun Cho & Jae B. Kim, 2021. "Managers’ pay duration and voluntary disclosures," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 48(7-8), pages 1332-1367, July.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:kap:jbuset:v:187:y:2023:i:1:d:10.1007_s10551-022-05107-z. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.