Do firms underreport information on cyber-attacks? Evidence from capital markets
成果类型:
Article
署名作者:
Amir, Eli; Levi, Shai; Livne, Tsafrir
署名单位:
Tel Aviv University; University of North Carolina; University of North Carolina Chapel Hill
刊物名称:
REVIEW OF ACCOUNTING STUDIES
ISSN/ISSBN:
1380-6653
DOI:
10.1007/s11142-018-9452-4
发表日期:
2018
页码:
1177-1206
关键词:
security breach announcements
disclosure
IMPACT
delay
摘要:
Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.
来源URL: