Responses to SEC comment letters on cybersecurity disclosures: An exploratory study

Tawei Wang, Ju Chun Yen, Kyunghee Yoon

研究成果: 雜誌貢獻期刊論文同行評審

4 引文 斯高帕斯(Scopus)


Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company's security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.

期刊International Journal of Accounting Information Systems
出版狀態已出版 - 9月 2022


深入研究「Responses to SEC comment letters on cybersecurity disclosures: An exploratory study」主題。共同形成了獨特的指紋。