Do firms underreport information on cyber-attacks? Evidence from capital markets

Amir, E, Levi, S and Livne, T (2018) Do firms underreport information on cyber-attacks? Evidence from capital markets. Review of Accounting Studies, 23 (3). pp. 1177-1206. ISSN 1380-6653

Abstract

Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.

More Details

Item Type: Article
Subject Areas: Accounting
Additional Information:

© 2019 Springer Nature

Date Deposited: 14 Oct 2019 09:30
Subjects: Financial markets
Information system security
Last Modified: 21 Dec 2024 03:10
URI: https://lbsresearch.london.edu/id/eprint/1223
More

Export and Share


Download

Full text not available from this repository.

Statistics

Altmetrics
View details on Dimensions' website

Downloads from LBS Research Online

View details

Actions (login required)

Edit Item Edit Item