The Impact of the Type of Cybersecurity Assurance Service and Cybersecurity Incidents on Investor Perceptions and Decisions
研究美国注册会计师协会的网络安全检查服务如何影响投资者决策,发现只有在发生网络安全事件时,投资者才更愿意投资于接受全面检查的公司,且这种效应由投资者对鉴证质量的认知中介。
SUMMARY Regulators, investors, and boards of directors are increasingly demanding information about organizations’ cybersecurity risk management. I examine the effect of the AICPA’s voluntary cybersecurity examination service on investor perceptions and decisions. Similar to a previous AICPA IT-related assurance service called WebTrust that failed in the marketplace, cybersecurity examinations face competition from less comprehensive and less costly assurance services in a nonstandardized assurance market, and it is unclear whether investors will recognize the value provided by the more comprehensive assurance service. I find that investors are more willing to invest when management disclosures describe a cybersecurity examination compared with a less comprehensive assurance service but only if the assurance is in response to a cybersecurity incident. I also find that this effect is mediated by investor perceptions of assurance quality. I, however, do not find support for these same effects when the assurance is disclosed in the absence of an incident.