We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Board of directors' attributes and aspects of cybersecurity disclosure.
- Authors
Héroux, Sylvie; Fortin, Anne
- Abstract
As cybersecurity is a critical risk issue for organizations, cybersecurity disclosure is important for financial regulators, financial analysts, shareholders, and other stakeholders. Organizations face challenges when deciding whether, what, and when cybersecurity-related information should be disclosed. Prior studies have contributed few insights regarding the potential determinants of cybersecurity disclosure. Furthermore, their findings are based on a general or narrow measurement of this disclosure. This study draws on upper echelons and signaling theories to examine the association between various board of directors' characteristics and extent of overall cybersecurity disclosure and its individual aspects. Extent of cybersecurity disclosure is measured based on a content analysis of annual financial regulatory filings of the 250 companies listed on the S&P/TSX Composite Index, using a scoring grid of 40 items grouped into seven categories representing different aspects of cybersecurity disclosure. This expanded disclosure measurement provides original insights for firms and their stakeholders. The main findings indicate that the presence of a committee responsible for cybersecurity on the board of directors is key to increasing cybersecurity disclosure. With or without such a committee, board IT expertise, board tenure, board independence, women directors, and board age are associated with the extent of total cybersecurity disclosure or some of its specific aspects, particularly cybersecurity risk mitigation. These findings contribute to the cybersecurity literature by examining which board of directors' characteristics influence the extent of specific aspects of cybersecurity disclosure. They also complement results from upper echelons-based studies on corporate reporting determinants and prior IT governance studies.
- Subjects
STANDARD &; Poor's Financial Services LLC; BOARDS of directors; INFORMATION technology management; DISCLOSURE; INTERNET security; OUTSIDE directors of corporations; CORPORATION reports; NONDISCLOSURE
- Publication
Journal of Management & Governance, 2024, Vol 28, Issue 2, p359
- ISSN
1385-3457
- Publication type
Article
- DOI
10.1007/s10997-022-09660-7