Do firms underreport information on cyber-attacks? Evidence from capital markets

Amir, E, Levi, S and Livne, T (2018) Do firms underreport information on cyber-attacks? Evidence from capital markets. Review of Accounting Studies, 23 (3). pp. 1177-1206. ISSN 1380-6653

Abstract

Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.

More Details

Item Type: Article
Subject Areas: Accounting
Additional Information:

© 2019 Springer Nature

Date Deposited: 14 Oct 2019 09:30
Subjects: Financial markets
Information system security
Last Modified: 27 Feb 2025 13:02
URI: https://lbsresearch.london.edu/id/eprint/1223
More

Export and Share


Download

Full text not available from this repository.

Statistics

Altmetrics
View details on Dimensions' website
Cited 0 times in

Downloads from LBS Research Online

View details

Actions (login required)

Edit Item Edit Item