Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis

Al Lawati, Taha Mustafa Mohsin (2017) Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis. [Dissertation (University of Nottingham only)]

[thumbnail of Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies An Empirical Analysis.pdf] PDF - Registered users only - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (785kB)

Abstract

Cyber risk disclosure has received significant attention recently, but it is still not examined in empirical research investigating companies’ cyber risk disclosure practices. This research aims to explore the gap in the literature and examines cyber risk disclosure in the annual reports, corporate governance statements and guidelines and proxy statements in a sample of 10 U.S. information technology companies using a sentence analysis approach. The data was derived solely from these documents and their contents were analyzed to identify cyber risk disclosures. The findings show that all disclosures related to cyber risk are qualitative in nature. There is no attempt to quantify cyber risk by any means nor to assign a probability of cyber risk materializing. Also, there is no significant correlation between having a director with a direct specialist expertise and the quality of cyber risk disclosure. Similarly, not mentioning cyber risk in corporate governance guidelines and statement have no significant correlation with the quality of cyber risk disclosure in annual reports. Nevertheless, the companies exhibit readiness to disclose forward-looking information. In addition, there is a positive correlation between designating a committee to be responsible for cyber risk with the quality of cyber risk disclosure. Overall, cyber risk disclosures are commonplace and bland and lacked the depth required for clearly understanding the companies’ exposure to cyber risk.

Item Type: Dissertation (University of Nottingham only)
Keywords: Risk Management, Cyber Risk, Cyber Risk Disclosure, Reporting, Cyber Security
Depositing User: AL LAWATI, MR TAHA
Date Deposited: 12 Apr 2018 09:02
Last Modified: 17 Apr 2018 15:06
URI: https://eprints.nottingham.ac.uk/id/eprint/46205

Actions (Archive Staff Only)

Edit View Edit View