IDEAS home Printed from https://ideas.repec.org/a/bla/jrinsu/v89y2022i3p725-763.html
   My bibliography  Save this article

Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value

Author

Listed:
  • Nadine Gatzert
  • Madeline Schubert

Abstract

In this paper, we first construct a cyber risk consciousness score using a text mining algorithm, applied to annual reports of large‐ and mid‐cap US banks and insurers from 2011 to 2018. We next categorize the firms' cyber risk management based on keywords to study determinants and value‐relevance. Our results show an increasing cyber risk consciousness, regardless of the industry. In addition, for the entire sample we find that firms belonging to the banking industry, with a higher cyber risk consciousness score and a higher general risk awareness are more likely to implement cyber risk management, which also holds for both industries separately. We find the opposite in the case of profitable firms for the entire sample and the insurer subsample. Finally, we observe a significant positive relationship between cyber risk management and firm value measured by Tobin's Q for the entire sample and the subsamples of banks and insurers.

Suggested Citation

  • Nadine Gatzert & Madeline Schubert, 2022. "Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 89(3), pages 725-763, September.
    • Handle: RePEc:bla:jrinsu:v:89:y:2022:i:3:p:725-763
    DOI: 10.1111/jori.12381
    as

    Download full text from publisher

    File URL: https://doi.org/10.1111/jori.12381
    Download Restriction: no
    File URL: https://libkey.io/10.1111/jori.12381?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Corbet, Shaen & Gurdgiev, Constantin, 2019. "What the hack: Systematic risk contagion from cyber events," International Review of Financial Analysis, Elsevier, vol. 65(C).
    2. Ryan Baxter & Jean C. Bedard & Rani Hoitash & Ari Yezegel, 2013. "Enterprise Risk Management Program Quality: Determinants, Value Relevance, and the Financial Crisis," Contemporary Accounting Research, John Wiley & Sons, vol. 30(4), pages 1264-1295, December.
    3. Martin Eling & Werner Schnell, 2016. "What do we know about cyber risk and cyber risk insurance?," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 17(5), pages 474-491, November.
    4. Tim Loughran & Bill Mcdonald, 2016. "Textual Analysis in Accounting and Finance: A Survey," Journal of Accounting Research, Wiley Blackwell, vol. 54(4), pages 1187-1230, September.
    5. Lisa K. Meulbroek, 2002. "A Senior Manager'S Guide To Integrated Risk Management," Journal of Applied Corporate Finance, Morgan Stanley, vol. 14(4), pages 56-70, January.
    6. Brian W. Nocco & René M. Stulz, 2006. "Enterprise Risk Management: Theory and Practice," Journal of Applied Corporate Finance, Morgan Stanley, vol. 18(4), pages 8-20, September.
    7. Cummins, J. David & Lewis, Christopher M. & Wei, Ran, 2006. "The market value impact of operational loss events for US banks and insurers," Journal of Banking & Finance, Elsevier, vol. 30(10), pages 2605-2634, October.
    8. Donald Pagach & Richard Warr, 2011. "The Characteristics of Firms That Hire Chief Risk Officers," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 78(1), pages 185-211, March.
    9. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    10. Mitchell A. Petersen, 2009. "Estimating Standard Errors in Finance Panel Data Sets: Comparing Approaches," The Review of Financial Studies, Society for Financial Studies, vol. 22(1), pages 435-480, January.
    11. Kamiya, Shinichi & Kang, Jun-Koo & Kim, Jungmin & Milidonis, Andreas & Stulz, René M., 2021. "Risk management, firm reputation, and the impact of successful cyberattacks on target firms," Journal of Financial Economics, Elsevier, vol. 139(3), pages 719-749.
    12. André P. Liebenberg & Robert E. Hoyt, 2003. "The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(1), pages 37-52, February.
    13. Christian Biener & Martin Eling & Jan Hendrik Wirfs, 2015. "Insurability of Cyber Risk: An Empirical Analysis†," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 40(1), pages 131-158, January.
    14. Froot, Kenneth A & Scharfstein, David S & Stein, Jeremy C, 1993. "Risk Management: Coordinating Corporate Investment and Financing Policies," Journal of Finance, American Finance Association, vol. 48(5), pages 1629-1658, December.
    15. Martin Eling & David Antonius Pankoke, 2016. "Systemic Risk in the Insurance Sector: A Review and Directions for Future Research," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 19(2), pages 249-284, September.
    16. Philipp Lechner & Nadine Gatzert, 2018. "Determinants and value of enterprise risk management: empirical evidence from Germany," The European Journal of Finance, Taylor & Francis Journals, vol. 24(10), pages 867-887, July.
    17. Robert E. Hoyt & Andre P. Liebenberg, 2011. "The Value of Enterprise Risk Management," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 78(4), pages 795-822, December.
    18. Heidinger, Dinah & Gatzert, Nadine, 2018. "Awareness, determinants and value of reputation risk management: Empirical evidence from the banking and insurance industry," Journal of Banking & Finance, Elsevier, vol. 91(C), pages 106-118.
    19. Alexander Bohnert & Nadine Gatzert & Robert E. Hoyt & Philipp Lechner, 2019. "The drivers and value of enterprise risk management: evidence from ERM ratings," The European Journal of Finance, Taylor & Francis Journals, vol. 25(3), pages 234-255, February.
    20. Kevin M. Gatzlaff & Kathleen A. McCullough, 2010. "The Effect of Data Breaches on Shareholder Wealth," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 13(1), pages 61-83, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Martin Boyer & Martin Eling, 2023. "New advances on cyber risk and cyber insurance," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 267-274, April.
    2. Ben Kejwang, 2022. "Effect of cybersecurity risk management practices on performance of insurance sector: A review of literature," International Journal of Research in Business and Social Science (2147-4478), Center for the Strategic Studies in Business and Finance, vol. 11(6), pages 334-340, September.
    3. Serkan Eti & Hasan Dinçer & Hasan Meral & Serhat Yüksel & Yaşar Gökalp, 2024. "Insurtech in Europe: identifying the top investment priorities for driving innovation," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 10(1), pages 1-24, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Heidinger, Dinah & Gatzert, Nadine, 2018. "Awareness, determinants and value of reputation risk management: Empirical evidence from the banking and insurance industry," Journal of Banking & Finance, Elsevier, vol. 91(C), pages 106-118.
    2. Chen, Yu-Lun & Chuang, Yi-Wei & Huang, Hong-Gia & Shih, Jhuan-Yu, 2020. "The value of implementing enterprise risk management: Evidence from Taiwan’s financial industry," The North American Journal of Economics and Finance, Elsevier, vol. 54(C).
    3. Al-Amri, Khalid & Davydov, Yevgeniy, 2016. "Testing the effectiveness of ERM: Evidence from operational losses," Journal of Economics and Business, Elsevier, vol. 87(C), pages 70-82.
    4. José Ruiz-Canela López, 2021. "How Can Enterprise Risk Management Help in Evaluating the Operational Risks for a Telecommunications Company?," JRFM, MDPI, vol. 14(3), pages 1-26, March.
    5. Alessandra Allini & Raffaela Casciello & Marco Maffei & Martina Prisco, 2022. "The national culture as a determinant of ERM quality: Empirical evidence in the European banking context," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2022(1), pages 79-102.
    6. Ivana Dvorski Lacković & Nataša Kurnoga & Danijela Miloš Sprčić, 2022. "Three-factor model of Enterprise Risk Management implementation: exploratory study of non-financial companies," Risk Management, Palgrave Macmillan, vol. 24(2), pages 101-122, June.
    7. Nguyen, Duc Khuong & Vo, Dinh-Tri, 2020. "Enterprise risk management and solvency: The case of the listed EU insurers," Journal of Business Research, Elsevier, vol. 113(C), pages 360-369.
    8. Danijela Miloš Sprčić & Marina Mešin Žagar & Željko Šević & Mojca Marc, 2016. "Does enterprise risk management influence market value – A long-term perspective," Risk Management, Palgrave Macmillan, vol. 18(2), pages 65-88, August.
    9. Nadine Gatzert & Philipp Reichel, 2022. "Awareness of climate risks and opportunities: empirical evidence on determinants and value from the U.S. and European insurance industry," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(1), pages 5-26, January.
    10. Malik, Muhammad Farhan & Zaman, Mahbub & Buckby, Sherrena, 2020. "Enterprise risk management and firm performance: Role of the risk committee," Journal of Contemporary Accounting and Economics, Elsevier, vol. 16(1).
    11. Naciye Sekerci & Don Pagach, 2020. "Firm Ownership and Enterprise Risk Management Implementation: Evidence from the Nordic Region," JRFM, MDPI, vol. 13(9), pages 1-21, September.
    12. Evan M. Eastman & Jianren Xu, 2021. "Market reactions to enterprise risk management adoption, incorporation by rating agencies, and ORSA Act passage," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(2), pages 151-180, June.
    13. David M. Pooser & Mark J. Browne & Oleksandra Arkhangelska, 2018. "Growth in the Perception of Cyber Risk: Evidence from U.S. P&C Insurers," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 43(2), pages 208-223, April.
    14. Therese R. Viscelli & Mark S. Beasley & Dana R. Hermanson, 2016. "Research Insights About Risk Governance," SAGE Open, , vol. 6(4), pages 21582440166, November.
    15. Johnston, Joseph & Soileau, Jared, 2020. "Enterprise risk management and accruals estimation error," Journal of Contemporary Accounting and Economics, Elsevier, vol. 16(3).
    16. Rami Shaheen & Mehmet Ağa & Husam Rjoub & Ahmad Abualrub, 2020. "Investigation of the Pillars of Sustainability Risk Management as an Extension of Enterprise Risk Management on Palestinian Insurance Firms’ Profitability," Sustainability, MDPI, vol. 12(11), pages 1-20, June.
    17. Barakat, Ahmed & Chernobai, Anna & Wahrenburg, Mark, 2014. "Information asymmetry around operational risk announcements," Journal of Banking & Finance, Elsevier, vol. 48(C), pages 152-179.
    18. Sorin Gabriel Anton & Anca Elena Afloarei Nucu, 2020. "Enterprise Risk Management: A Literature Review and Agenda for Future Research," JRFM, MDPI, vol. 13(11), pages 1-22, November.
    19. Florio, Cristina & Leoni, Giulia, 2017. "Enterprise risk management and firm performance: The Italian case," The British Accounting Review, Elsevier, vol. 49(1), pages 56-74.
    20. Elisabetta Mafrolla & Felice Matozza, 2014. "Risk management and firm size: a survey of Italian private companies," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2014(3), pages 87-108.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:bla:jrinsu:v:89:y:2022:i:3:p:725-763. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://edirc.repec.org/data/ariaaea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.