Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

Richardson, Vernon J.; Smith, Rodney E.; Watson, Marcia Weidenmier

doi:10.2308/isys-52379

Cited by 67 publications

(33 citation statements)

References 66 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite the above arguments that would suggest a positive association between cybersecurity experience and audit fees of non-breached clients, Richardson et al (2019) pointed out that these risks have long been known and thus have already been priced into audit fees regardless of cybersecurity experience. Furthermore, Yen et al (2018) argues that industry expertise can help auditors better assess cybersecurity risks and evaluate cybersecurity management processes with less effort, which implies that we would expect a negative association.…”

Section: Hypothesis Developmentmentioning

confidence: 99%

“…Supporting the argument, both Li et al (2020) and Smith et al (2019) It is arguable that audit fees are not solely determined by auditors but reflect a negotiation between the management and the auditor (Abbott et al 2003). In fact, anecdotal evidence suggests that auditors have difficulty raising audit fees due to intense completion for new clients (Richardson et al 2019). However, as SEC has repeatedly emphasized cybersecurity (SEC 2011, 2018b, 2018a), firms are under greater pressure complying with SEC's cybersecurity disclosure guidance and also urgently demand assistance in evaluating cybersecurity controls 2 .…”

Section: Hypothesis Developmentmentioning

confidence: 99%

“…Share prices of firms in the same industry or similar firms are also negatively influenced. However, some research work fails to find such association (e.g., Hilary et al 2016;Richardson et al 2019). Both Gordon et al (2011) and Richardson et al (2019) argue that the inconsistent results can be explained by difference in sample, selection criteria, and research method.…”

Section: Introductionmentioning

confidence: 99%

“…However, some research work fails to find such association (e.g., Hilary et al 2016;Richardson et al 2019). Both Gordon et al (2011) and Richardson et al (2019) argue that the inconsistent results can be explained by difference in sample, selection criteria, and research method. In addition to examining market valuation, a limited but growing number of studies are investigating the impact of cyber incidents on audit engagement.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The Effect of Auditor Cybersecurity Expertise on Audit Fees and Cyber Incidents.

Huang¹

2020

Preprint

View full text Add to dashboard Cite

This study focuses on local audit offices' cybersecurity expertise and examines the effect of such expertise on non-breached clients' audit fees and future cyber incidents. Using data on cyber incidents from the Audit Analytics cybersecurity database and the Privacy Rights Clearinghouse for the period from 2006 to 2017, we observe a positive and significant association between auditor's cybersecurity experience and non-breached clients' audit fees. This suggests that auditors with greater cybersecurity experience consider cyber risk before any cyber incident has occurred. In addition, we find evidence that the increased audit fees charged by cybersecurityexperienced auditors are negatively associated with non-breached clients' future breaches and auditor's IT capability strengthens the association. Collectively, this finding suggests that auditor's cybersecurity experience is effective in helping clients preventing future cyber incidents and auditor's IT capability strengthens the effectiveness. Our results remain robust after a battery of sensitivity tests.

show abstract

Section: Hypothesis Developmentmentioning

confidence: 99%

Section: Hypothesis Developmentmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Effect of Auditor Cybersecurity Expertise on Audit Fees and Cyber Incidents.

Huang¹

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…To date, cyber-attacks continue to increase and the success of governing bodies in addressing cybersecurity risks and security breaches is relatively unknown. 1 Although there are studies related to cybersecurity that provide research summaries in the areas of (1) cybersecurity disclosures, (2) cybersecurity investment, (3) economic consequences to cybersecurity incidents, and (4) manager and auditor responses to cybersecurity risks (Haapama¨ki and Sihvonen 2019;Richardson, Smith, and Weidenmier Watson 2019;Walton, Wheeler, Zhang, and Zhao 2021;Wilkin and Chenhall 2020), the role of IT as a governance tool to combat cyber-attacks has not been fully explored. With the aim of understanding the current and future role of governance mechanisms in managing cybersecurity risks, this paper reviews the existing cybersecurity guidelines and regulations, and summarizes the empirical research related to corporate governance, security breaches, and IT expertise in overseeing cyber risks, using a combination of words to search for relevant studies published in top peer-reviewed journals.…”

Section: Introductionmentioning

confidence: 99%

Academic Research on the Role of Corporate Governance and IT Expertise in Addressing Cybersecurity Breaches: Implications for Practice, Policy, and Research

Hartmann

Carmenate

2021

Current Issues in Auditing

View full text Add to dashboard Cite

Frequent cyber-attacks on organizations in the last decade have caught the attention of practitioners and governance bodies, who have called for boards to take a more active role in managing and preventing future cyber risks. Governance surveys however, find that boards are not sufficiently prepared to address cyber security risks due to a lack of IT expertise. Firms have begun appointing technology experts, creating board level technology (IT) committees and delegating responsibilities to the audit committee as a means of managing cybersecurity risk. With the aim of understanding the current and future role of governance mechanisms in managing cybersecurity risks, this paper reviews the existing cybersecurity guidelines and regulations, and summarizes the empirical research related to corporate governance, security breaches, and IT expertise in overseeing cyber risks. Finally, we discuss implications for practice, policy and researchers.

show abstract

The importance of cybersecurity disclosures in customer relationships

Nelson,

Wang

2024

J Corp Accounting Finance

View full text Add to dashboard Cite

The escalating use of digital technologies has spotlighted the crucial role of cybersecurity in safeguarding sensitive information within companies. This study explores the relationship between a firm's major customers and its cybersecurity awareness. Drawing on SEC‐mandated disclosures, we employ four proxies to measure changes in customer‐supplier relationships. Our findings reveal that customers increase their purchases from suppliers whose cybersecurity awareness scores improve. Additionally, we examine the interplay between customers and suppliers more susceptible to nonpublic adverse news, particularly during cyber events. The study emphasizes the importance of cybersecurity disclosure for regulators, supply chain partners, and corporate management. It also contributes to the literature on factors influencing the duration of customer‐supplier relationships and underscores the significance of supplier characteristics. “Understanding and disclosing cybersecurity risks are” paramount in an increasingly digital business landscape.

show abstract

Much Ado about Nothing: The (Lack of) Economic Impact of Data Privacy Breaches

Cited by 67 publications

References 66 publications

The Effect of Auditor Cybersecurity Expertise on Audit Fees and Cyber Incidents.

The Effect of Auditor Cybersecurity Expertise on Audit Fees and Cyber Incidents.

Academic Research on the Role of Corporate Governance and IT Expertise in Addressing Cybersecurity Breaches: Implications for Practice, Policy, and Research

The importance of cybersecurity disclosures in customer relationships

Contact Info

Product

Resources

About