Cybersecurity Risk
通过文本分析比较被黑客攻击与未被攻击公司的网络安全风险披露,提出针对美国上市公司的网络安全风险度量指标,并发现该风险在股票回报中被定价,高暴露公司年均超额收益达8.3%。
Abstract Based on textual analysis and a comparison of cybersecurity risk disclosures of firms that were hacked to others that were not, we propose a novel firm-level measure of cybersecurity risk for all U.S.-listed firms. We then examine whether cybersecurity risk is priced in the cross-section of stock returns. Portfolios of firms with high exposure to cybersecurity risk outperform other firms, on average, by up to 8.3$\%$ per year. Yet, high-exposure firms perform poorly in periods of high cybersecurity risk. Reassuringly, the measure is higher in information-technology industries, correlates with characteristics linked to firms hit by cyberattacks, and predicts future cyberattacks. Authors have furnished an Internet Appendix, which is available on the Oxford University Press Web site next to the link to the final published paper online