Do Nonprofessional Investors Care About How and When Data Breaches are Disclosed?

Cheng, Xu; Walton, Stephanie

doi:10.2308/isys-52410

Cited by 17 publications

(15 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Further, issuing an independent cybersecurity assurance report may increase a company's ability to attract investments. Finally, (Cheng & Walton, 2019) explore whether the timing and source of data breaches impact investors' reactions to the data breaches. By using an experimental setting, the authors demonstrate that investors are less likely to invest in a company if the breach is announced by the company itself, as compared to an outside source.…”

Section: / Literature Review and Problem Statementmentioning

confidence: 99%

A proposed Framework for Studying the Impact of Cybersecurity on Accounting Information to Increase Trust in The Financial Reports in the Context of Industry 4.0: An Event, Impact and Response Approach

Daoud

Serag

2022

التجارة والتمويل

View full text Add to dashboard Cite

Industry technologies include Big data, internet of things, system integration, cloud computing , Rebotics , automation augment and virtual reality. Cybersecurity help guarantee that these technologies and essential information they contain remain sale and protected. As Interconnection and the usage of electronic data gathering, storage, and transfer become more prevalent, with significant industry adoption, and that increasing the number of business being targeted for cybertheft, damage or disruption. Cybersecurity means all steps to safeguard business against illegal electronic data usage. Manufacturers Can remain secure and prosperous by protecting all hardware, software, and information from internal and external threats. These breaches have implications for business enterprises as they may result in lower performance and market value, increased operational risks, lost information and significant employee time spent ensuring compliance with appropriate privacy and confidentially regulations. The proposed framework depends on an event, impact and response approach to identify directions for accounting and auditing. This framework aims to examine how cybersecurity impacts cybersecurity events or threats, and how these events impact organisations and responses by various parties to different events. Based on COSO Enterprise Risk Management Framework, organisations need to identify the impact of cybersecurity threats, then follow up by developing responses to the related risks by using cause and effect relationship between risks and responses.

show abstract

Section: / Literature Review and Problem Statementmentioning

confidence: 99%

A proposed Framework for Studying the Impact of Cybersecurity on Accounting Information to Increase Trust in The Financial Reports in the Context of Industry 4.0: An Event, Impact and Response Approach

Daoud

Serag

2022

التجارة والتمويل

View full text Add to dashboard Cite

show abstract

“…‫يجرلنللث‬ ‫هلبح‬ ‫لا‬ ‫ل‬ ‫أ‬ (Frank et al, 2019;Cheng & Walton, 2019;Kelton & Pennington, 2020;Yang et al, 2020;Badawy, 2021…”

Section: ‫ألر‬ ‫ا‬ ‫رلبحن‬ ‫أا‬ ‫ثصح‬ ‫ل‬ ‫رل‬ ‫بتصيلبحتصث‬ ‫ا‬ ‫لبح‬unclassified

أثر الإفصاح عن تقریر إدارة مخاطر الأمن السیبرانی على قرار الاستثمار بأسهم الشركات المقیدة بالبورصة المصریة: دراسة تجریبیة

على¹,

علی²

2022

مجلة الاسکندریة للبحوث المحاسبیة

View full text Add to dashboard Cite

The research aimed to study and test the impact of disclosure of Cybersecurity Risk Management Report on the investment decision in shares listed on the Egyptian Stock Exchange. The research also examined the impact of some demographic characteristics (investor qualification and experience level) on the relationship under study. To achieve the research objective, an experimental study was conducted on a sample of stock investors and financial analysts in brokerage firms.The research concluded that there is a positive significant relationship between the Cybersecurity Risk Management Report and the stock investment decision, as it gives confidence to the company's work in the field of cybersecurity and protection from electronic attacks. This enables investors to assess the extent of the company's ability to maintain information security and reduce the possibility of breaches and negative events in the future, which contributes to rationalizing investors' decisions and improving the quality of their investment judgments.The research also concluded that there is a significant effect of the investor's experience and the level of his scientific qualification on the relationship between the disclosure of the cybersecurity risk management report and the stock investment decision. Furthermore, the results of the additional analysis also confirmed the importance of the investor's demographic characteristics in influencing his investment judgments. Finally, the results of the sensitivity analysis were consistent with the results of the basic analysis when changing the method of measuring the dependent variable (investment decision).

show abstract

“…Based on a sample of 9,677 firm year observations from 2,264 firms in US, Berkman et al (2018) tested the impact of cybersecurity awareness, measured by the disclosure of information security, on the market value and found a positive and significant relationship. In the same context, Cheng & Walton (2019) investigated the impact of data breach disclosure initiative and timing on investors' valuations. Based on a sample of 107 non-professional investors from 32 states in US, the authors found that investors' valuation was negative in case the company is the first one to disclose the data breach and when there is a significant delay between the time of data breach and the time of public disclosure.…”

Section: Impact Of Cybersecurity Risk Management Disclosure and The Related Assurance On Investors' Perception And Decisionsmentioning

confidence: 99%

“…After excluding the participants who failed to answer the first manipulation check question (1 participant) and the second manipulation check question (15 question), the final number of participants is 64 (See Figure 1), distributed as follows: Group 1 (Big4 X Reasonable) = 17, Group 2 (non-Big4 X Reasonable) = 16, Group 3 (Big4 X Limited) = 16, and Group 4 (non-Big4 X Limited) = 15 participants (Hodge et al, 2009;Perols & Murthy, 2021). The researcher selected non-professional investors, as a stakeholder group, because they represent a considerable portion of the stock market (Cheng & Walton, 2019)…”

Section: Participantsmentioning

confidence: 99%

أثر جودة ومستوى التوکید على برنامج إدارة مخاطر الأمن السیبرانی على قرارات المستثمرین المصریین غیر المحترفین: دراسة تجریبیة (باللغة الانجلیزیة)

بدوي¹

2021

مجلة الاسکندریة للبحوث المحاسبیة

View full text Add to dashboard Cite

The objective of this study is to examine and analyze the impact of assurance quality (measured by the size of the audit firm performing this assurance; Big4 auditor vs. non-Big4) and assurance level (reasonable vs. limited assurance) on cybersecurity risk management program on non-professional investors' willingness to invest and their stock valuation. To fulfil the research objective, a 2X2 between-subjects experiment was designed to test the research hypotheses.Based on a sample of 64 MBA and postgraduate students in the Faculty of Commerce, Alexandria University and ESLSCA University, the researcher found evidence that high assurance quality (Big4 auditor) and reasonable assurance level conveyed in the assurance report on cybersecurity risk management program have a significant and positive effect on investors' willingness to invest and their stock valuation. However, the researcher didn't find significant difference in investors' willingness to invest or their stock valuation in case a limited assurance report is offered by a Big4 audit firm in comparison with the case of a reasonable assurance report offered by a non-Big4 audit firm. This study adds an experimental evidence to the literature on non-audit services and cybersecurity and will help in reducing the accounting research gap related to cybersecurity risk management program, which is consistent with the Egyptian government's efforts and attention paid to cybersecurity and its related risks.

show abstract

Do Nonprofessional Investors Care About How and When Data Breaches are Disclosed?

Cited by 17 publications

References 39 publications

A proposed Framework for Studying the Impact of Cybersecurity on Accounting Information to Increase Trust in The Financial Reports in the Context of Industry 4.0: An Event, Impact and Response Approach

A proposed Framework for Studying the Impact of Cybersecurity on Accounting Information to Increase Trust in The Financial Reports in the Context of Industry 4.0: An Event, Impact and Response Approach

أثر الإفصاح عن تقریر إدارة مخاطر الأمن السیبرانی على قرار الاستثمار بأسهم الشركات المقیدة بالبورصة المصریة: دراسة تجریبیة

أثر جودة ومستوى التوکید على برنامج إدارة مخاطر الأمن السیبرانی على قرارات المستثمرین المصریین غیر المحترفین: دراسة تجریبیة (باللغة الانجلیزیة)

Contact Info

Product

Resources

About