This dissertation comprises three experimental studies that explore how management's financial disclosure behavior and security strategies influence the costs associated with cybersecurity breaches. The first study examines the cost of litigation in connection with cybersecurity incidents. The purpose of this study is to determine how the characteristics and content of cybersecurity incidents' disclosure affects jurors' liability assessments. Specifically, this study explores how jurors react to management timeliness in disclosing the incident and the plausibility of the explanations provided to justify the disclosure strategy. The second and third studies explore the value relevance of cybersecurity risk management (CRM) assurance. In particular, the second study examines whether engagement in voluntary assurance over CRM before the occurrence of an incident affects investors' reactions after the incident, and whether these reactions differ based on whether assurance is expected or not expected based on industry norms. The third study scrutinizes how perceptions of disclosure timeliness affect investor decisions and explores the use of CRM assurance as a potential tool to mitigate the deleterious effects of delayed disclosures of cybersecurity incidents. Overall, the results reported in this dissertation suggest that timely disclosure of a cybersecurity breach reduces liability, improves management credibility assessments, and results in higher valuation judgments. Moreover, the findings reveal that CRM assurance further leads to enhanced management credibility assessments and valuation judgments and that the impact of CRM assurance is particularly beneficial when not necessarily expected for the industry. In combination, these three studies address calls for research exploring the costs of cybersecurity and inform regulators currently engaged in developing both cybersecurity disclosure requirements and voluntary assurance services designed to address stakeholders' information needs regarding companies' cybersecurity activities. These studies also add to the literature and theory documenting the link between disclosure timeliness and litigation risk, and the value of voluntary assurance services.
Doctor of Philosophy (Ph.D.)
College of Business Administration
Business Administration; Accounting Track
Length of Campus-only Access
Doctoral Dissertation (Open Access)
Navarro Velez, Patricia, "Three Studies on Cybersecurity Disclosure and Assurance" (2019). Electronic Theses and Dissertations. 6541.