Cybersecurity Disclosure by the Companies on the S&amp;P/TSX 60 Index

Héroux, Sylvie; Fortin, Anne

doi:10.1111/1911-3838.12220

Cited by 14 publications

(28 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Following the SEC's footsteps, Canadian Securities Administrator (CSA) emphasized the cybersecurity issued a notice in 2016 to the issuers, registrants and regulated entities guiding CSD (Radu and Smaili, 2021). Based on a content analysis of various Canadian companies' disclosures (e.g., annual information forms, annual and quarterly MD&A), Héroux and Fortin (2020) demonstrated that level of CSD is low, and the information is often generic.…”

Section: Research On Csd: Literature Reviewmentioning

confidence: 99%

“…The sample period starts from 2014 as the concept of CSD is relatively new in the global context. Prior studies (e.g., Gao et al, 2020;Héroux and Fortin, 2020;Radu and Smaili, 2021) noted that CSD as a reporting practice became more pronounced between 2016 to 2018. 3 Also, as evidenced by Mazumder and Sobhan (2021), the focus on cyber risk governance and disclosures in Bangladesh got significant momentum after the BB heist in 2016.…”

Section: Samplementioning

confidence: 99%

“…In order to examine the relationship between CSD and board composition, a multiple linear regression model is used. The study estimates the following fixed-effect (year) regression model for testing the hypotheses framed in this study 4 : 𝐶𝑆𝐷 , = 𝛼 + 𝛽 𝐵𝑆𝐼𝑍𝐸 , + 𝛽 𝐵𝐼𝑁𝐷 , + 𝛽 𝐵𝐺𝐷𝐼𝑉 , + 𝛾 𝑆𝐼𝑍𝐸 , + 𝛾 𝐺𝑅𝑂𝑊𝑇𝐻 , + 𝛾 𝑃𝑅𝑂𝐹𝐼𝑇 , + 𝛾 𝐿𝐸𝑉 , + 𝛾 𝐼𝑁𝑆𝑇 , + 𝛾 𝐹𝑂𝑅𝐸𝐼𝐺𝑁 , + 𝛾 𝐼𝑆𝐿𝐴𝑀 + 𝛿 𝑌𝑒𝑎𝑟 + 𝜀 , 3 Although the US SEC provided indicative guidance on the CSD in 2011, interpretive and detailed guidance was issued on February 21, 2018 to promote explicit and robust CSD (Gao et al, 2020;Héroux and Fortin, 2020). The guidance reinforces and carries more weight than the guidance provided in 2011 (EY, 2018).…”

Section: Empirical Model Specificationmentioning

confidence: 99%

“…In recent years, regulatory bodies in the USA and Canada also highlighted the importance of cybersecurity disclosures and provided detailed guidance (Gao et al, 2020;Héroux and Fortin, 2020;Radu and Smaili, 2021). As part of their oversight responsibilities, board members are expected to become more engaged and take a proactive role to understand and manage cybersecurity risks throughout their company (EY, 2018(EY, , 2021Mohan et al, 2021;Radu and Smaili, 2021).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Voluntary cybersecurity disclosure in the banking industry of Bangladesh: does board composition matter?

Mazumder

Hossain

2022

JAEE

View full text Add to dashboard Cite

PurposeCybersecurity disclosure (CSD) provides users with valuable information and significant insights about a firm's susceptibility to cyber risk and its management. It is argued that the board of directors, with its oversight role, should be vigilant in managing cyber risk and disclosures. This study aims to measure the extent of CSD of the banking companies and examines the association between the characteristics of board composition (i.e. board size, board independence and gender diversity) and CSD.Design/methodology/approachThis study adopted automated content analysis to find out the extent of CSD in the listed commercial banks of an emerging country, Bangladesh, where CSD is voluntary. Further, multiple linear regression is applied to determine the relationship between board composition and CSD.FindingsThe findings reveal an increasing trend of CSD over the sample period (2014–2020). The study confirms a significant positive relationship between board independence and CSD. The study also demonstrates that the higher presence of female directors on the board is associated with higher CSD. However, no consistently significant relationship is found between board size and CSD.Research limitationsThe study is based on listed banking companies only. Hence, the results can not be generalised to companies in other sectors. Also, it is important to acknowledge that we focused on the quantity (not the quality) of CSD contained in annual reports.Practical implicationsThe study provides an overall understanding of current trends of CSD in the Banking sector of a developing country. Regulators may use our findings to understand the current level of CSD and assess the need for issuing guidance in this regard. The association between board composition and CSD has implications both for banks when selecting board members and policymakers when establishing requirements concerning board composition under corporate governance guidelines.Originality/valueThis is one of the very few studies in the context of an emerging economy where CSD is voluntary. The paper contributes to a narrow stream of research investigating CSD and its association with board composition. Notably, it contributes to understanding how board composition is associated with CSD in the banking industry, which is highly exposed to cyber risk.

show abstract

Section: Research On Csd: Literature Reviewmentioning

confidence: 99%

Section: Samplementioning

confidence: 99%

Section: Empirical Model Specificationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Voluntary cybersecurity disclosure in the banking industry of Bangladesh: does board composition matter?

Mazumder

Hossain

2022

JAEE

View full text Add to dashboard Cite

show abstract

“…‫رل‬ ‫بتصيلبحتصث‬ ‫ا‬ ‫لنالبح‬ ‫ي‬ ‫يلبح‬ ‫ت‬ (Hilary et al, 2016;Berkman et al, 2018;Frank et al, 2019;Heroux & Anne, 2020;Kelton & Pennington, 2020;Badawy,…”

Section: ‫(وفرعياته)‬ ‫الرتيسي‬ ‫الفرض‬ ‫اشتقا‬ ‫و‬ ‫األسهم،‬ ‫في‬ ‫ا...unclassified

أثر الإفصاح عن تقریر إدارة مخاطر الأمن السیبرانی على قرار الاستثمار بأسهم الشركات المقیدة بالبورصة المصریة: دراسة تجریبیة

على¹,

علی²

2022

مجلة الاسکندریة للبحوث المحاسبیة

View full text Add to dashboard Cite

The research aimed to study and test the impact of disclosure of Cybersecurity Risk Management Report on the investment decision in shares listed on the Egyptian Stock Exchange. The research also examined the impact of some demographic characteristics (investor qualification and experience level) on the relationship under study. To achieve the research objective, an experimental study was conducted on a sample of stock investors and financial analysts in brokerage firms.The research concluded that there is a positive significant relationship between the Cybersecurity Risk Management Report and the stock investment decision, as it gives confidence to the company's work in the field of cybersecurity and protection from electronic attacks. This enables investors to assess the extent of the company's ability to maintain information security and reduce the possibility of breaches and negative events in the future, which contributes to rationalizing investors' decisions and improving the quality of their investment judgments.The research also concluded that there is a significant effect of the investor's experience and the level of his scientific qualification on the relationship between the disclosure of the cybersecurity risk management report and the stock investment decision. Furthermore, the results of the additional analysis also confirmed the importance of the investor's demographic characteristics in influencing his investment judgments. Finally, the results of the sensitivity analysis were consistent with the results of the basic analysis when changing the method of measuring the dependent variable (investment decision).

show abstract