Talk too much? The Impact of Cybersecurity Disclosures on Investment Decisions

Talk too much? The Impact of Cybersecurity Disclosures on Investment Decisions

High-profile cybersecurity breaches have raised concerns regarding how organizations disclose security management information to the public. The American Institute of Certified Public Accountants (AICPA) developed a cybersecurity risk management (CSRM) reporting framework to better help organization...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Communications of the Association for Information Systems 2022, Vol.50 (1), p.481-485
Hauptverfasser: Cheng, Xu, Hsu, Carol, Wang, Tawei (David)
Format: Artikel
Sprache:eng
Schlagworte:
Accountants
CPAs
Cybersecurity
Decisions
Digital libraries
Disclosure
Hypotheses
Information management
Information systems
Investments
Management reports
Organizations
Risk management
Securities markets
Security management
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:High-profile cybersecurity breaches have raised concerns regarding how organizations disclose security management information to the public. The American Institute of Certified Public Accountants (AICPA) developed a cybersecurity risk management (CSRM) reporting framework to better help organizations convey their cybersecurity programs to the public. In this article, we attempt to provide evidence of how cybersecurity disclosures, as developed by AICPA, affect investment decisions. Our findings suggest that nonprofessional investors are less likely to invest in breached firms with the disclosure of CSRM reports alone. Disclosing the risk management report with an independent assurance report does not result in the mitigation of the negative impact of security breach news. We discuss the corresponding implications.
ISSN:1529-3181
1529-3181
DOI:10.17705/1CAIS.05022