Is corporate reputation associated with voluntary cybersecurity risk reporting?

Purpose - This study investigated the effect of voluntary cybersecurity risk reporting (VCRR) on corporate reputation. By examining the association between VCRR and corporate reputation, this study aims to provide exploratory evidence of how cybersecurity risk is sensitive to a company’s image and reputation. Design/methodology/approach - An automated content analysis of VCRR by 95 Bombay Stock Exchange-listed companies was undertaken using Python code. Signaling and legitimacy theories were adopted to interpret the findings, establishing whether VCRR was related to corporate reputation. Findings - The results confirm that VCRR improves the corporate reputation in the financial market. The results also confirm the signalling and legitimacy theory that a company can manage reputational risks through higher voluntary risk disclosure. Practical implications - The corporation’s managers can gain insights from the study’s findings and proactively address cybersecurity risks through strategic disclosure and management practices. In addition, organizations can recognize that investors value transparency and establish a positive reputation for those who communicate openly. Social implications - A significant association between VCRR and corporate reputation implies that such disclosures enhance trust and transparency in the business sector and induce security and accountability among investors engaging with the company. Originality/value - To the best of the authors’ knowledge, this study is the first that empirically investigates this issue and adds to the international literature a new explanatory variable, corporate reputation, to explain VCRR practices.