Systematic Review of Cybersecurity Disclosure Research

  • Conference paper
Algorithmic Aspects in Information and Management (AAIM 2024)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 15179)

Abstract

This literature review examines the field of cybersecurity disclosure, highlighting key research themes and identifying gaps in the literature. It covers topics including the impact of regulatory frameworks on disclosure practices, financial consequences of cybersecurity breaches, and the effectiveness of communication strategies in the disclosure process. The review also considers the role of emerging technologies and social media in shaping perceptions. Through analysis of empirical and exploratory studies from recent years, the review explores the dynamics between cybersecurity incidents, regulatory responses, and corporate disclosure strategies. It emphasizes the importance of transparent and timely disclosures for maintaining stakeholder trust and protecting organizational interests amid increasing cyber threats. The paper concludes by proposing future research directions to enhance understanding and effectiveness of cybersecurity disclosures, calling for new methodologies and tools to manage the dissemination of cybersecurity information.


Author information

Correspondence to Hongmin W. Du.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Du, H.W., Xu, J., Vasarhelyi, M.A. (2024). Systematic Review of Cybersecurity Disclosure Research. In: Ghosh, S., Zhang, Z. (eds) Algorithmic Aspects in Information and Management. AAIM 2024. Lecture Notes in Computer Science, vol 15179. Springer, Singapore. https://doi.org/10.1007/978-981-97-7798-3_21

  • DOI: https://doi.org/10.1007/978-981-97-7798-3_21

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-7797-6

  • Online ISBN: 978-981-97-7798-3

  • eBook Packages: Computer Science, Computer Science (R0)
