Abstract

This dissertation comprises three experimental studies that explore how management's financial disclosure behavior and security strategies influence the costs associated with cybersecurity breaches. The first study examines the cost of litigation in connection with cybersecurity incidents. The purpose of this study is to determine how the characteristics and content of cybersecurity incidents' disclosure affects jurors' liability assessments. Specifically, this study explores how jurors react to management timeliness in disclosing the incident and the plausibility of the explanations provided to justify the disclosure strategy. The second and third studies explore the value relevance of cybersecurity risk management (CRM) assurance. In particular, the second study examines whether engagement in voluntary assurance over CRM before the occurrence of an incident affects investors' reactions after the incident, and whether these reactions differ based on whether assurance is expected or not expected based on industry norms. The third study scrutinizes how perceptions of disclosure timeliness affect investor decisions and explores the use of CRM assurance as a potential tool to mitigate the deleterious effects of delayed disclosures of cybersecurity incidents. Overall, the results reported in this dissertation suggest that timely disclosure of a cybersecurity breach reduces liability, improves management credibility assessments, and results in higher valuation judgments. Moreover, the findings reveal that CRM assurance further leads to enhanced management credibility assessments and valuation judgments and that the impact of CRM assurance is particularly beneficial when not necessarily expected for the industry. In combination, these three studies address calls for research exploring the costs of cybersecurity and inform regulators currently engaged in developing both cybersecurity disclosure requirements and voluntary assurance services designed to address stakeholders' information needs regarding companies' cybersecurity activities. These studies also add to the literature and theory documenting the link between disclosure timeliness and litigation risk, and the value of voluntary assurance services.

Graduation Date

2019

Semester

Summer

Advisor

Sutton, Steven

Degree

Doctor of Philosophy (Ph.D.)

College

College of Business Administration

Degree Program

Business Administration; Accounting Track

Format

application/pdf

Identifier

CFE0007689

URL

http://purl.fcla.edu/fcla/etd/CFE0007689

Language

English

Release Date

8-15-2019

Length of Campus-only Access

None

Access Status

Doctoral Dissertation (Open Access)

Included in

Accounting Commons

Share

COinS