Determinant Factors of Cyber Security Disclosure: A Systematic Literature Review

Abstract

Cyber security disclosures as risk factor disclosures are particularly important. The importance of cyber security disclosure decisions is intensified by a significant number of data breaches that occur throughout the year raising serious concerns about corporate cyber security programs. Costs of data breaches can be significant. On the other hand, research on cyber security disclosure is still rare. This study aims to identify the factors that influence cyber security disclosures. Articles from various international journals were reviewed. Literature review was conducted to find determinant factors that determine cyber security disclosures. The results show that the determinant factors of cyber security disclosures are cyber security breach/previous cyber incidents, peer breach, public attention, WFH, board size, board independence, board gender diversity, institutional shareholders, foreign shareholders, capital expenditure, intangible asset, firm’s size, firm’s growth, firm’s leverage, firm’s profitability, firm’s loss, industry, guidance, technology committee, and executive change. Based on the literature review, the authors provide suggestions for future research. This research contributes by providing a comprehensive discussion of the determinant factors of cybersecurity disclosure from various studies. The limitation of this study is that the authors only reviewed articles published in English. Future research must include articles published in multiple languages.


Keywords: cyber, cybersecurity, disclosure, cybersecurity disclosure, determinants

References
[1] Li H. GW, Wang T. SEC’S cybersecurity disclosure guidance and disclosed cybersecurity risk factors. Journal of Accounting Information Systems. 2018:1–6.

[2] Schatz D, Bashroush R, Wall J, Towards A. More representative definition of cyber security. Jdfsl. 2017;12:53–74.

[3] Gao L. Calderon Tg, Tang F. Public companies ’ cybersecurity risk disclosures. International Journal of Accounting Information System. Epub Ahead Of Print 30 June 2020. Doi: Https://Doi.Org/10.1016/J.Accinf.2020.100468

[4] Haapamäki E, Sihvonen J. Cybersecurity in accounting research. Managerial Auditing Journal. 2019;34(7):808–834.

[5] Arcy J, Basoglu A. The influences of public and institutional pressure on firms’ cybersecurity disclosures. J Assoc Inf Syst. 2022;23(3):779–805.

[6] Chen J, Henry E, Jiang X. Is cybersecurity risk factor disclosure informative? Evidence from disclosures following a data breach. 2022.

[7] Higgs J, Pinsker R, Smith T, et al. The relationship between board-level technology committees and reported security breaches. Journal of Information Systems. https://doi.org/10.2308/isys-51402

[8] Masoud N, Al-Utaibi G. The determinants of cybersecurity risk disclosure in firms’ financial reporting: Empirical Evidence. Res Econ. 2022;76(2):131–140.

[9] Swift O, Colon R, Davis K. The impact of cyber breaches on the content of cybersecurity disclosures. J Forensic Investig Account. 2020;12.

[10] Wu Q, Yoon K, No G. The effect of remote workforce on firms’ cybersecurity risk disclosures and incidents. SSRN Elsevier E-Journals. 2023;1– 23. https://doi.org/10.2139/ssrn.4342761

[11] Haislip J, Lim JH, Pinsker R. The impact of executives’ IT expertise on reported data security breaches. Inf Syst Res. 2021;32(2):318–334.

[12] Haislip JZ, Karim KE, Lin KJ, Pinsker RE. The influences of CEO IT expertise and board-level technology committees on form 8-k disclosure timeliness. J Inf Syst. 2020;34(2):167–185.

[13] Radu C, Smaili N. Board gender diversity and corporate response to cyber risk: Evidence from cybersecurity related disclosure. Journal of Business Ethics.

[14] Mazumder MMM, Hossain DM. Voluntary cybersecurity disclosure in the banking industry of Bangladesh: Does board composition matter? Journal of Accounting in Emerging Economies.