SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors

Li, He; No, Won Gyun; Wang, Tawei

doi:10.1016/j.accinf.2018.06.003

Cited by 75 publications

(61 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, the findings indicated that the association between the presence of cybersecurity risk disclosure and subsequently announced cybersecurity incidents become insignificant after the passage of the USA Securities and Exchange Commission's (SEC) cybersecurity disclosure guidance. Hence, the work of Li et al (2018) supports the SEC's decision on underlining cybersecurity risk disclosure. However, Li et al pointed out that the SEC's disclosure guidance may unintentionally encourage firms to disclose cybersecurity risks regardless of the level of the risks.…”

Section: Disclosure Of Cybersecurity Activitiesmentioning

confidence: 80%

“…No. of citations Amir et al, 2018;Carré et al, 2018;Curtis et al, 2018;Ettredge et al, 2018;Gordon et al, 2018;Gyun No and Vasarhelyi, 2017;Islam et al, 2018;Kahyaoglu and Caliyurt, 2018;Li et al, 2018;Rahimian et al, 2016;Smith et al, 2018;Stafford et al, 2018 12 0-4 Bose and Luo, 2014;Gansler and Lucyshyn, 2005;Gordon et al, 2016;Gordon et al, 2008;Higgs et al, 2016;Steinbart et al, 2018;Steinbart et al, 2016;Steinbart et al, 20138 5-30 Abu-Musa, 2006Gordon et al, 2015a;Gordon et al, 2015b;Hausken, 2007;Kwon et al, 2013;Pathak, 2005;Steinbart et al, 2012;Wallace et al, 2011;Wang et al, 2013 9 30-90 Boritz andNo, 2005;Ettredge and Richardson, 2003;Gordon et al, 2010;Gordon et al, 2003;Gordon and Loeb, 2002;Hausken, 2006;Lainhart, 2000;Li et al, 2012;Tanaka et al, 2005 10 90 ! Table IV.…”

Section: Authorsmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity in accounting research

Haapamäki

Sihvonen

2019

MAJ

View full text Add to dashboard Cite

Purpose This paper aims to update the cybersecurity-related accounting literature by synthesizing 39 recent theoretical and empirical studies on the topic. Furthermore, the paper provides a set of categories into which the studies fit. Design/methodology/approach This is a synthesis paper that summarizes the research literature on cybersecurity, introducing knowledge from the extant research and revealing areas requiring further examination. Findings This synthesis identifies a research framework that consists of the following research themes: cybersecurity and information sharing, cybersecurity investments, internal auditing and controls related to cybersecurity, disclosure of cybersecurity activities and security threats and security breaches. Practical implications Academics, practitioners and the public would benefit from a research framework that categorizes the research topics related to cybersecurity in the accounting field. This type of analysis is vital to enhance the understanding of the academic research on cybersecurity and can be used to support the identification of new lines for future research. Originality/value This is the first literature analysis of cybersecurity in the accounting field, and it has significant implications for research and practice by detailing, for example, the benefits of and obstacles to information sharing. This synthesis also highlights the importance of the model for cybersecurity investments. Further, the review emphasizes the role of internal auditing and controls to improve cybersecurity.

show abstract

Section: Disclosure Of Cybersecurity Activitiesmentioning

confidence: 80%

Section: Authorsmentioning

confidence: 99%

Cybersecurity in accounting research

Haapamäki

Sihvonen

2019

MAJ

View full text Add to dashboard Cite

show abstract

“…Lee's study focused on the issue of disclosing Cybersecurity risks, especially after the issuance of the Securities Commission's instructions to disclose Cybersecurity risks, so the study aimed to know the determinants and axes of Cybersecurity risks that have been declared and it has become recognized that the presence of these risk factors in a period Before the warning is linked to the reported future Cybersecurity incidents, here we find that the correlation between the Cybersecurity incidents and the reported Cybersecurity risks becomes insignificant unless disclosed, and the study concluded that the decision of the Securities and Exchange Commission regarding the confirmation of disclosure of security risks Cyber. However, the US Securities and Exchange Commission's disclosure directive may inadvertently encourage companies to disclose Cybersecurity risks regardless of the level of risk (Li et al, 2018). As organizations become more interested in developing their information security and protection systems.…”

Section: Cybersecuritymentioning

confidence: 99%

Financial Technology (Fintech) and cybersecurity

Duhaidahawi¹,

Zhang²,

Abdulreda³

et al. 2021

IJRBS

View full text Add to dashboard Cite

In this paper, we investigate the definition of Fintech and measure the extent of the impact of Fintech variables on the Cybersecurity as the dependent variable. The hypotheses developed by the authors which are based on research through the statistical results of the research variables and as all correlation coefficients were a positive relationship and at the level of significance 0.01 which made the authors accept the correlation hypotheses, and for the results of the influence factor between the research variables it also had a positive effect when the level of 0.05 for all sections of the independent variable, as we have also noticed that the influence of the independent variable of financial technology when linked to all of its sections with Cybersecurity. We find the influence of the influence coefficient significantly increased to 0.908, which explains that there is a complementarity between the sections of the independent variable.

show abstract

“…They find that security risk factors with risk‐mitigation themes are less likely to be related to future breach announcements. Li, No, and Wang (2018) examine the usefulness of cybersecurity‐related risk factors disclosed in 10‐K filings. They find that the presentence and length of these risk factor disclosures are related to future reported cyber incidents.…”

Section: Background and Hypothesis Developmentmentioning

confidence: 99%

Cybersecurity risks disclosure and implied audit risks: Evidence from audit fees

Calderon

Gao

2020

Int J Auditing

View full text Add to dashboard Cite

This study examines the association between companies' cybersecurity risk disclosures and audit fees. Based on a sample from 2005 to 2018, we find that companies' audit fees are not only influenced by the content (number of words), but also by the language (readability and litigious language) disclosed in their cybersecurity risk disclosures. We extend prior studies and find that audit firms assess audit risks not just by evaluating actual cyber breach incidents, but also the cybersecurity risks disclosures more generally. The implication is that the auditor incorporates into their risk assessments, and accordingly their fee structures, the nature and content of cybersecurity risk disclosures. In general, more readable disclosures can reduce audit fees and perhaps other monitoring costs incurred by SEC registrants.

show abstract

SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors

Cited by 75 publications

References 18 publications

Cybersecurity in accounting research

Cybersecurity in accounting research

Financial Technology (Fintech) and cybersecurity

Cybersecurity risks disclosure and implied audit risks: Evidence from audit fees

Contact Info

Product

Resources

About