IDEAS home Printed from https://ideas.repec.org/a/eee/ijoais/v38y2020ics1467089520300361.html

Public companies' cybersecurity risk disclosures

Author

Listed:
  • Gao, Lei
  • Calderon, Thomas G.
  • Tang, Fengchun

Abstract

Though cybersecurity risks are significant and could materially affect business operations and the integrity of financial reporting, there is limited empirical research on the cybersecurity risk disclosure trends and practices of public companies. In this study, we conduct a longitudinal study of the content and linguistic characteristics of public companies' cybersecurity risk disclosure practices as well as factors that may drive disclosure trends. The results show that the two most commonly disclosed cybersecurity risks are risks of service/operation disruption and risks of data breach. Item 1A of the 10-K Report is the most commonly used disclosure location, but some companies also use Items 1 and 7 to disclose regulation risks and cyber incidents, respectively. The length of cybersecurity risk disclosures increases linearly during the period of our study. This increase is associated with the issuance of SEC guidance (2011 and 2018), industry, overall cybersecurity risks in the general environment, company size, and prior cybersecurity breach incidents. Disclosures have also become more difficult to read in general. They are more difficult to read as firm size increases and are easier to read as the proportion of intangible assets increases or after an executive change. Firms have increased their usage of litigious words in their disclosures. Bigger firms, on average, tend to use less litigious language, but companies in industries with high business information technology intensity (e.g., consumer services, software and services, and banking) tend to use more litigious language than other companies.

Suggested Citation

  • Gao, Lei & Calderon, Thomas G. & Tang, Fengchun, 2020. "Public companies' cybersecurity risk disclosures," International Journal of Accounting Information Systems, Elsevier, vol. 38(C).
    • Handle: RePEc:eee:ijoais:v:38:y:2020:i:c:s1467089520300361
    DOI: 10.1016/j.accinf.2020.100468
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1467089520300361
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.accinf.2020.100468?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Merve Kılıç & Cemil Kuzey, 2018. "Determinants of forward-looking disclosures in integrated reporting," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(1), pages 115-144, January.
    2. Kristina Rennekamp, 2012. "Processing Fluency and Investors’ Reactions to Disclosure Readability," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 50(5), pages 1319-1354, December.
    3. Dulacha G. Barako & Phil Hancock & H. Y. Izan, 2006. "Factors Influencing Voluntary Corporate Disclosure by Kenyan Companies," Corporate Governance: An International Review, Wiley Blackwell, vol. 14(2), pages 107-125, March.
    4. Leuz, C & Verrecchia, RE, 2000. "The economic consequences of increased disclosure," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 38, pages 91-124.
    5. Kathleen Weiss Hanley & Gerard Hoberg, 2019. "Dynamic Interpretation of Emerging Risks in the Financial Sector," The Review of Financial Studies, Society for Financial Studies, vol. 32(12), pages 4543-4603.
    6. Brian J. Bushee & Ian D. Gow & Daniel J. Taylor, 2018. "Linguistic Complexity in Firm Disclosures: Obfuscation or Information?," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 56(1), pages 85-121, March.
    7. Karen K. Nelson & A. C. Pritchard, 2016. "Carrot or Stick? The Shift from Voluntary to Mandatory Disclosure of Risk Factors," Journal of Empirical Legal Studies, John Wiley & Sons, vol. 13(2), pages 266-297, June.
    8. Doris M. Merkl-Davies & Niamh Brennan, 2007. "Discretionary disclosure strategies in corporate narratives : incremental information or impression management?," Open Access publications 10197/2907, Research Repository, University College Dublin.
    9. Harold Hassink & Meinderd Vries & Laury Bollen, 2007. "A Content Analysis of Whistleblowing Policies of Leading European Companies," Journal of Business Ethics, Springer, vol. 75(1), pages 25-44, September.
    10. Lori Holder-Webb & Jeffrey Cohen & Leda Nath & David Wood, 2009. "The Supply of Corporate Social Responsibility Disclosures Among U.S. Firms," Journal of Business Ethics, Springer, vol. 84(4), pages 497-527, February.
    11. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    12. Field, Laura & Lowry, Michelle & Shu, Susan, 2005. "Does disclosure deter or trigger litigation?," Journal of Accounting and Economics, Elsevier, vol. 39(3), pages 487-507, September.
    13. Hooks, Jill & van Staden, Chris J., 2011. "Evaluating environmental disclosures: The relationship between quality and extent measures," The British Accounting Review, Elsevier, vol. 43(3), pages 200-213.
    14. Hany Elzahar & Khaled Hussainey, 2012. "Determinants of narrative risk disclosures in UK interim reports," Journal of Risk Finance, Emerald Group Publishing, vol. 13(2), pages 133-147, February.
    15. Anil Arya & Brian Mittendorf & Dae‐Hee Yoon, 2019. "Public Disclosures in the Presence of Suppliers and Competitors," Contemporary Accounting Research, John Wiley & Sons, vol. 36(2), pages 758-772, June.
    16. Bloomfield, Robert, 2008. "Discussion of "Annual report readability, current earnings, and earnings persistence"," Journal of Accounting and Economics, Elsevier, vol. 45(2-3), pages 248-252, August.
    17. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    18. Yang Bao & Anindya Datta, 2014. "Simultaneously Discovering and Quantifying Risk Types from Textual Risk Disclosures," Management Science, INFORMS, vol. 60(6), pages 1371-1391, June.
    19. Tim Loughran & Bill Mcdonald, 2016. "Textual Analysis in Accounting and Finance: A Survey," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 54(4), pages 1187-1230, September.
    20. Hichem Khlif & Khaled Hussainey, 2016. "The association between risk disclosure and firm characteristics: a meta-analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(2), pages 181-211, February.
    21. Tzu‐Ting Chiu & Jeong‐Bon Kim & Zheng Wang, 2019. "Customers’ Risk Factor Disclosures and Suppliers’ Investment Efficiency," Contemporary Accounting Research, John Wiley & Sons, vol. 36(2), pages 773-804, June.
    22. Tim Loughran & Bill Mcdonald, 2011. "When Is a Liability Not a Liability? Textual Analysis, Dictionaries, and 10‐Ks," Journal of Finance, American Finance Association, vol. 66(1), pages 35-65, February.
    23. Hasseldine, J. & Salama, A.I. & Toms, J.S., 2005. "Quantity versus quality: the impact of environmental disclosures on the reputations of UK Plcs," The British Accounting Review, Elsevier, vol. 37(2), pages 231-248.
    24. Jonas Oliveira & Lúcia Lima Rodrigues & Russell Craig, 2011. "Risk-related disclosures by non-finance companies: Portuguese practices and disclosure characteristics," Managerial Auditing Journal, Emerald Group Publishing, vol. 26(9), pages 817-839, October.
    25. Beck, A. Cornelia & Campbell, David & Shrives, Philip J., 2010. "Content analysis in environmental reporting research: Enrichment and rehearsal of the method in a British–German context," The British Accounting Review, Elsevier, vol. 42(3), pages 207-222.
    26. Michael Spence, 1973. "Job Market Signaling," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 87(3), pages 355-374.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Hamzeh Al Amosh & Saleh F. A. Khatib, 2025. "Cybersecurity Transparency and Firm Success: Insights From the Australian Landscape," Australian Economic Papers, Wiley Blackwell, vol. 64(2), pages 189-204, June.
    2. Wang, Jimin & Ho, Choy Yeing (Chloe) & Shan, Yuan George, 2024. "Does cybersecurity risk stifle corporate innovation activities?," International Review of Financial Analysis, Elsevier, vol. 91(C).
    3. Jing Chen & Elaine Henry & Xi Jiang, 2023. "Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach," Journal of Business Ethics, Springer, vol. 187(1), pages 199-224, September.
    4. Trinh, Vu Quang & Elnahass, Marwa & Pasiouras, Fotios, 2025. "Personal traits of CEOs and cybersecurity-related disclosure," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 58(C).
    5. Boguslawa Bek-Gaik & Anna Surowiec, 2024. "Disclosures on Cybersecurity, Cyber Risks, and Information Security in Non-Financial Reports of Polish Companies," European Research Studies Journal, European Research Studies Journal, vol. 0(4), pages 1513-1535.
    6. Maryam Firoozi & Sana Mohsni, 2023. "Cybersecurity disclosure in the banking industry: a comparative study," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 20(4), pages 451-477, December.
    7. Ahmad Yuosef Alodat & Yunhong Hao & Haitham Nobanee & Hazem Ali & Marwan Mansour & Hamzeh Al Amosh, 2025. "Board characteristics and cybersecurity disclosure: evidence from the UK," Electronic Commerce Research, Springer, vol. 25(6), pages 4717-4735, December.
    8. Demek, Kristina C. & Kaplan, Steven E., 2023. "Cybersecurity breaches and investors’ interest in the firm as an investment," International Journal of Accounting Information Systems, Elsevier, vol. 49(C).
    9. Chelsea Liu & Muhammad Ali Babar, 2026. "Corporate cybersecurity risk and data breaches: A systematic review of empirical research," Australian Journal of Management, Australian School of Business, vol. 51(1), pages 62-92, February.
    10. Marwa Elnahass & Yousry Ahmed & Vu Quang Trinh, 2025. "Empowering Women to Lead Cybersecurity: The Effect of Female Executives on Disclosure Sentiment," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 30(4), pages 3368-3394, October.
    11. Patel, Pankaj C., 2025. "Anchored by reliability, swayed by institutional forces: Cybersecurity risk deviance from industry norms and its contingencies on risk and volatility," Journal of Business Research, Elsevier, vol. 199(C).
    12. Huy Viet Hoang, 2025. "Who Pays for Cybersecurity? Corporate Dividends in Response to Cybersecurity Risk in US Firms," Journal of the Knowledge Economy, Springer;Portland International Center for Management of Engineering and Technology (PICMET), vol. 16(6), pages 18085-18123, December.
    13. Nataliya Struk, 2026. "Assessment of Cybersecurity of Accounting Information in the Innovative Activities of Agricultural Enterprises," Oblik i finansi, Institute of Accounting and Finance, issue 1, pages 57-70, March.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nerissa C. Brown & Richard M. Crowley & W. Brooke Elliott, 2020. "What Are You Saying? Using topic to Detect Financial Misreporting," Journal of Accounting Research, John Wiley & Sons, Ltd., vol. 58(1), pages 237-291, March.
    2. Michele Gendelsky de Oliveira & Graça Azevedo & Jonas Oliveira, 2021. "The Relationship between the Company’s Value and the Tone of the Risk-Related Narratives: The Case of Portugal," Economies, MDPI, vol. 9(2), pages 1-28, May.
    3. Kyriaki Kosmidou & Dimitrios Kousenidis & Anestis Ladas & Christos Negkakis, 2024. "Climate‐related performance and stock price crash risk," Financial Markets, Institutions & Instruments, John Wiley & Sons, vol. 33(2), pages 113-148, May.
    4. Chen, Jean Jinghan & Song, Peiyang & Loi, Fai Lim, 2024. "Strategic forward-looking nonearnings disclosure and overinvestment," The British Accounting Review, Elsevier, vol. 56(6).
    5. Umar, Tarik, 2022. "Complexity aversion when SeekingAlpha," Journal of Accounting and Economics, Elsevier, vol. 73(2).
    6. Huang, Shirley Hsueh-Li & Hu, Guo-Hsin & Hsu, Ming-Fu, 2025. "Identifying contextual content-based risk drivers for advanced risk management strategies," Research in International Business and Finance, Elsevier, vol. 73(PB).
    7. F. Cappellieri & R. Vinciguerra & A. Ricciardi & M. Pizzo, 2025. "Independent minority directors against self-serving and manipulative practices in non- financial reporting," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 29(2), pages 453-501, June.
    8. Kevin Koh & Heather Li & Yen H. Tong, 2023. "Corporate social responsibility (CSR) performance and stakeholder engagement: Evidence from the quantity and quality of CSR disclosures," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 30(2), pages 504-517, March.
    9. Danial Hemmings & Lynn Hodgkinson & Gwion Williams, 2020. "It's OK to pay well, if you write well: The effects of remuneration disclosure readability," Journal of Business Finance & Accounting, Wiley Blackwell, vol. 47(5-6), pages 547-586, May.
    10. Jin, Zuben, 2024. "Business aspects in focus, investor underreaction and return predictability," Journal of Corporate Finance, Elsevier, vol. 84(C).
    11. Xi Fu & Xiaoxi Wu & Zhifang Zhang, 2021. "The Information Role of Earnings Conference Call Tone: Evidence from Stock Price Crash Risk," Journal of Business Ethics, Springer, vol. 173(3), pages 643-660, October.
    12. Mohamed Malek Belhoula & Naima Lassoued & Imen Khanchel & Dorsaf Ghraidi, 2026. "Beyond numbers: negative disclosure tone, bank risk, and ownership structure in Middle East and North African Banks," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 23(1), pages 224-239, March.
    13. Renato Camodeca & Alex Almici & Umberto Sagliaschi, 2018. "Sustainability Disclosure in Integrated Reporting: Does It Matter to Investors? A Cheap Talk Approach," Sustainability, MDPI, vol. 10(12), pages 1-34, November.
    14. Hossain, Amir & Bose, Sudipta & Shamsuddin, Abul, 2025. "Do integrated report readability and tone convey value relevant information? International evidence," Journal of Contemporary Accounting and Economics, Elsevier, vol. 21(3).
    15. Sharma, Shivani & Sharma, Udayan, 2025. "What does green bond prospectus communicate about credit spread?," Finance Research Letters, Elsevier, vol. 79(C).
    16. Soliman, Marwa & Ben-Amar, Walid, 2022. "Corporate social responsibility orientation and textual features of financial disclosures," International Review of Financial Analysis, Elsevier, vol. 84(C).
    17. Nadine Gatzert & Dinah Heidinger, 2020. "An Empirical Analysis of Market Reactions to the First Solvency and Financial Condition Reports in the European Insurance Industry," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 87(2), pages 407-436, June.
    18. de Souza, João Antônio Salvador & Rissatti, Jean Carlo & Rover, Suliani & Borba, José Alonso, 2019. "The linguistic complexities of narrative accounting disclosure on financial statements: An analysis based on readability characteristics," Research in International Business and Finance, Elsevier, vol. 48(C), pages 59-74.
    19. Simon Fritzsch & Philipp Scharner & Gregor Weiß, 2021. "Estimating the relation between digitalization and the market value of insurers," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 88(3), pages 529-567, September.
    20. Khaldoon Albitar & Tony Abdoush & Khaled Hussainey, 2023. "Do corporate governance mechanisms and ESG disclosure drive CSR narrative tones?," International Journal of Finance & Economics, John Wiley & Sons, Ltd., vol. 28(4), pages 3876-3890, October.

    More about this item

    Keywords

    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijoais:v:38:y:2020:i:c:s1467089520300361. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-accounting-information-systems/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.