IDEAS home Printed from https://ideas.repec.org/a/pal/ijodag/v20y2023i4d10.1057_s41310-023-00190-8.html
   My bibliography  Save this article

Cybersecurity disclosure in the banking industry: a comparative study

Author

Listed:
  • Maryam Firoozi

    (Carleton University)

  • Sana Mohsni

    (Carleton University)

Abstract

The recurrence of cyberattacks on businesses in the last decade has attracted significant attention from policy makers and market participants to the importance of corporations’ responsibility and transparency on cybersecurity. In this study, we investigate cybersecurity disclosure made by the 48 largest Canadian and US banks from 2014 to 2020, using an exploratory qualitative approach. The banking industry has been a major target of cyberattacks due to the critical data that it contains. We first develop an index based on previous literature, current policies on cybersecurity disclosure and consultation with academics and practitioners. We then use the index to manually code bank reports related to cybersecurity. Afterward, we investigate the content of the disclosures in detail and discuss the level of compliance with the index. We then critically discuss banks’ disclosure behaviors using proprietary cost, signaling and legitimacy theories and provide recommendations for policy makers and other stakeholders.

Suggested Citation

  • Maryam Firoozi & Sana Mohsni, 2023. "Cybersecurity disclosure in the banking industry: a comparative study," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 20(4), pages 451-477, December.
  • Handle: RePEc:pal:ijodag:v:20:y:2023:i:4:d:10.1057_s41310-023-00190-8
    DOI: 10.1057/s41310-023-00190-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41310-023-00190-8
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.

    File URL: https://libkey.io/10.1057/s41310-023-00190-8?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    2. Beretta, Sergio & Bozzolan, Saverio, 2004. "Reply to: Discussions of "A framework for the analysis of firm risk communication"," The International Journal of Accounting, Elsevier, vol. 39(3), pages 303-305.
    3. Dye, Ra, 1985. "Disclosure Of Nonproprietary Information," Journal of Accounting Research, Wiley Blackwell, vol. 23(1), pages 123-145.
    4. Vivien Beattie & Bill McInnes & Stella Fearnley, 2004. "A methodology for analysing and evaluating narratives in annual reports: a comprehensive descriptive profile and metrics for disclosure quality attributes," Accounting Forum, Taylor & Francis Journals, vol. 28(3), pages 205-236, September.
    5. Ole-Kristian Hope & Danqi Hu & Hai Lu, 2016. "The benefits of specific risk-factor disclosures," Review of Accounting Studies, Springer, vol. 21(4), pages 1005-1045, December.
    6. Diamond, Douglas W & Verrecchia, Robert E, 1991. "Disclosure, Liquidity, and the Cost of Capital," Journal of Finance, American Finance Association, vol. 46(4), pages 1325-1359, September.
    7. Verrecchia, Robert E., 1983. "Discretionary disclosure," Journal of Accounting and Economics, Elsevier, vol. 5(1), pages 179-194, April.
    8. Sylvie Héroux & Anne Fortin, 2020. "Cybersecurity Disclosure by the Companies on the S&P/TSX 60 Index," Accounting Perspectives, John Wiley & Sons, vol. 19(2), pages 73-100, June.
    9. Abraham, Santhosh & Shrives, Philip J., 2014. "Improving the relevance of risk factor disclosure in corporate annual reports," The British Accounting Review, Elsevier, vol. 46(1), pages 91-107.
    10. repec:eme:maj000:maj-09-2018-2004 is not listed on IDEAS
    11. Li, Yanqiong & He, Jie & Xiao, Min, 2019. "Risk disclosure in annual reports and corporate investment efficiency," International Review of Economics & Finance, Elsevier, vol. 63(C), pages 138-151.
    12. Noel Brown & Craig Deegan, 1998. "The public disclosure of environmental performance information—a dual test of media agenda setting theory and legitimacy theory," Accounting and Business Research, Taylor & Francis Journals, vol. 29(1), pages 21-41.
    13. Stephen V. Brown & Xiaoli (Shaolee) Tian & Jennifer Wu Tucker, 2018. "The Spillover Effect of SEC Comment Letters on Qualitative Corporate Disclosure: Evidence from the Risk Factor Disclosure," Contemporary Accounting Research, John Wiley & Sons, vol. 35(2), pages 622-656, June.
    14. Yang Bao & Anindya Datta, 2014. "Simultaneously Discovering and Quantifying Risk Types from Textual Risk Disclosures," Management Science, INFORMS, vol. 60(6), pages 1371-1391, June.
    15. Elina Haapamäki & Jukka Sihvonen, 2019. "Cybersecurity in accounting research," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 34(7), pages 808-834, July.
    16. Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    17. Beretta, Sergio & Bozzolan, Saverio, 2004. "A framework for the analysis of firm risk communication," The International Journal of Accounting, Elsevier, vol. 39(3), pages 265-288.
    18. Camélia Radu & Nadia Smaili, 2022. "Correction to: Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 375-375, May.
    19. Li, He & No, Won Gyun & Wang, Tawei, 2018. "SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors," International Journal of Accounting Information Systems, Elsevier, vol. 30(C), pages 40-55.
    20. Tamer Elshandidy & Philip J. Shrives & Matt Bamber & Santhosh Abraham, 2018. "Risk reporting: A review of the literature and implications for future research✩," Journal of Accounting Literature, Emerald Group Publishing Limited, vol. 40(1), pages 54-82, January.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Düsterhöft, Maximilian & Schiemann, Frank & Walther, Thomas, 2023. "Let’s talk about risk! Stock market effects of risk disclosure for European energy utilities," Energy Economics, Elsevier, vol. 125(C).
    2. Elshandidy, Tamer & Shrives, Philip J., 2016. "Environmental Incentives for and Usefulness of Textual Risk Reporting: Evidence from Germany," The International Journal of Accounting, Elsevier, vol. 51(4), pages 464-486.
    3. Wang, Sumingyue & Wang, Xinlu & Xu, Liang, 2023. "Debt maturity structure and the quality of risk disclosures," Journal of Corporate Finance, Elsevier, vol. 83(C).
    4. Agbodoh-Falschau, Kouassi Raymond & Ravaonorohanta, Bako Harinivo, 2023. "Investigating the influence of governance determinants on reporting cybersecurity incidents to police: Evidence from Canadian organizations’ perspectives," Technology in Society, Elsevier, vol. 74(C).
    5. Ibrahim, Awad Elsayed Awad & Hussainey, Khaled & Nawaz, Tasawar & Ntim, Collins & Elamer, Ahmed, 2022. "A systematic literature review on risk disclosure research: State-of-the-art and future research agenda," International Review of Financial Analysis, Elsevier, vol. 82(C).
    6. Moumen, Néjia & Ben Othman, Hakim & Hussainey, Khaled, 2015. "The value relevance of risk disclosure in annual reports: Evidence from MENA emerging markets," Research in International Business and Finance, Elsevier, vol. 34(C), pages 177-204.
    7. Ott, Christian, 2020. "The risks of mergers and acquisitions—Analyzing the incentives for risk reporting in Item 1A of 10-K filings," Journal of Business Research, Elsevier, vol. 106(C), pages 158-181.
    8. Hassanein, Ahmed, 2022. "Risk reporting and stock return in the UK: Does market competition Matter?," The North American Journal of Economics and Finance, Elsevier, vol. 59(C).
    9. Shivaani, M.V. & Agarwal, Nishant, 2020. "Does competitive position of a firm affect the quality of risk disclosure?," Pacific-Basin Finance Journal, Elsevier, vol. 61(C).
    10. Francesco De Luca & Ho-Tan-Phat Phan, 2019. "Informativeness Assessment of Risk and Risk-Management Disclosure in Corporate Reporting: An Empirical Analysis of Italian Large Listed Firms," FINANCIAL REPORTING, FrancoAngeli Editore, vol. 2019(2), pages 9-41.
    11. Shrives, Philip J. & Brennan, Niamh M., 2015. "A typology for exploring the quality of explanations for non-compliance with UK corporate governance regulations," The British Accounting Review, Elsevier, vol. 47(1), pages 85-99.
    12. Elsayed, Mohamed & Elshandidy, Tamer, 2021. "Internal control effectiveness, textual risk disclosure, and their usefulness: U.S. evidence," Advances in accounting, Elsevier, vol. 53(C).
    13. Angus W. H. Yip & William Y. P. Yu, 2023. "The Quality of Environmental KPI Disclosure in ESG Reporting for SMEs in Hong Kong," Sustainability, MDPI, vol. 15(4), pages 1-26, February.
    14. Mohammed Mahmud Kakanda, & Basariah Salim, & Sitraselvi Chandren,, 2017. "Do board characteristics and risk management disclosure have any effect on firm performance? Empirical evidence from Deposit Money Banks (DMBs) in Nigeria," Business and Economic Horizons (BEH), Prague Development Center, vol. 13(4), pages 506-521, October.
    15. Miihkinen, Antti, 2013. "The usefulness of firm risk disclosures under different firm riskiness, investor-interest, and market conditions: New evidence from Finland," Advances in accounting, Elsevier, vol. 29(2), pages 312-331.
    16. Tariq H. Ismail & Yousra R. Obiedallah, 2022. "Firm performance and cost of equity capital: the moderating role of narrative risk disclosure quality in Egypt," Future Business Journal, Springer, vol. 8(1), pages 1-19, December.
    17. Kim, Hyonok & Yasuda, Yukihiro, 2018. "Business risk disclosure and firm risk: Evidence from Japan," Research in International Business and Finance, Elsevier, vol. 45(C), pages 413-426.
    18. Stefania Veltri & Francesco De Luca & Ho‐Tan‐Phat Phan, 2020. "Do investors value companies' mandatory nonfinancial risk disclosure? An empirical analysis of the Italian context after the EU Directive," Business Strategy and the Environment, Wiley Blackwell, vol. 29(6), pages 2226-2237, September.
    19. Mirela Elena Nichita & Marcel VULPOI, 2016. "Relationship between risk and transparency in the financial statements of professional services entities," The Audit Financiar journal, Chamber of Financial Auditors of Romania, vol. 14(137), pages 540-540, April.
    20. Kim, Hyonok & Fukukawa, Hironori & Routledge, James, 2020. "A comparison of management and auditor going concern risk disclosure: Evidence from regulatory change in Japan," Working Paper Series 234, Management Innovation Research Center, School of Business Administration, Hitotsubashi University Business School.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:ijodag:v:20:y:2023:i:4:d:10.1057_s41310-023-00190-8. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.palgrave.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.