TY - JOUR
T1 - Responses to SEC comment letters on cybersecurity disclosures
T2 - An exploratory study
AU - Wang, Tawei
AU - Yen, Ju Chun
AU - Yoon, Kyunghee
N1 - Publisher Copyright:
© 2022 Elsevier Inc.
PY - 2022/9
Y1 - 2022/9
N2 - Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company's security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.
AB - Cybersecurity comment letters issued by the Securities and Exchange Commission (SEC) may ask companies to disclose additional or clarifying information about their cybersecurity incidents, risks, and corresponding controls, where appropriate. Although responding to the comment letter in the form of disclosing more information about cybersecurity can better signal a company's security posture to investors and comply with regulations, it may also expose a company to higher levels of cybersecurity risks because of disclosing proprietary cybersecurity information. Using a sample consisting of 52 cybersecurity comment letters issued between 2011 and 2019 and their no-letter-matched companies, our findings suggest that comment letter companies change their disclosures regarding cybersecurity, as required by the SEC. However, as shown in the short-term cumulative abnormal returns around response letter days, the stock market reacts negatively to the responses. Our results provide policy implications by showing that market participants may not react positively to transparency.
KW - Comment letter
KW - Cybersecurity
KW - Risk factor disclosure
UR - http://www.scopus.com/inward/record.url?scp=85135847345&partnerID=8YFLogxK
U2 - 10.1016/j.accinf.2022.100567
DO - 10.1016/j.accinf.2022.100567
M3 - 通訊期刊論文
AN - SCOPUS:85135847345
SN - 1467-0895
JO - International Journal of Accounting Information Systems
JF - International Journal of Accounting Information Systems
M1 - 100567
ER -