TY - JOUR
T1 - Do firms underreport information on cyber-attacks? Evidence from capital markets
AU - Amir, Eli
AU - Levi, Shai
AU - Livne, Tsafrir
N1 - Publisher Copyright:
© 2018, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2018/9/1
Y1 - 2018/9/1
N2 - Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.
AB - Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.
KW - Cyber attacks
KW - Data breaches
KW - Disclosure
UR - http://www.scopus.com/inward/record.url?scp=85048753691&partnerID=8YFLogxK
U2 - 10.1007/s11142-018-9452-4
DO - 10.1007/s11142-018-9452-4
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85048753691
SN - 1380-6653
VL - 23
SP - 1177
EP - 1206
JO - Review of Accounting Studies
JF - Review of Accounting Studies
IS - 3
ER -