Do firms underreport information on cyber-attacks? Evidence from capital markets

Eli Amir, Shai Levi*, Tsafrir Livne

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

127 Scopus citations

Abstract

Firms should disclose information on material cyber-attacks. However, because managers have incentives to withhold negative information, and investors cannot discover most cyber-attacks independently, firms may underreport them. Using data on cyber-attacks that firms voluntarily disclosed, and those that were withheld and later discovered by sources outside the firm, we estimate the extent to which firms withhold information on cyber-attacks. We find withheld cyber-attacks are associated with a decline of approximately 3.6% in equity values in the month the attack is discovered, and disclosed attacks with a substantially lower decline of 0.7%. The evidence is consistent with managers not disclosing negative information below a certain threshold and withholding information on the more severe attacks. Using the market reactions to withheld and disclosed attacks, we estimate that managers disclose information on cyber-attacks when investors already suspect a high likelihood (40%) of an attack.

Original languageEnglish
Pages (from-to)1177-1206
Number of pages30
JournalReview of Accounting Studies
Volume23
Issue number3
DOIs
StatePublished - 1 Sep 2018

Funding

FundersFunder number
Bar Ilan University
Ben Gurion University
Henry Crown Institute of Business Research
Jeremy Coller Foundation
American Accounting Association
Hebrew University of Jerusalem
Tel Aviv University

    Keywords

    • Cyber attacks
    • Data breaches
    • Disclosure

    Fingerprint

    Dive into the research topics of 'Do firms underreport information on cyber-attacks? Evidence from capital markets'. Together they form a unique fingerprint.

    Cite this