Leveraging Emerging Cybersecurity Reporting Regulations: The Effect of Industry Driven Expectations for Voluntary Assurance
研究在网络安全漏洞披露后,专业会计事务所提供的自愿保证如何影响非专业投资者的判断,以及行业预期如何改变这种保证的价值相关性。
SYNOPSIS As the associated costs, business impacts, and high variability of cybersecurity disclosures capture the attention of regulators, we are witnessing a rapid emergence of proposals for new reporting requirements, such as recent SEC proposed disclosure guidelines and legislation being passed in both the EU and U.S. Within the context of cyber-breach disclosure, this study investigates how voluntary assurance provided by professional accounting firms affects nonprofessional investors’ judgments and decisions after the disclosure of a cybersecurity breach—an inevitable event. The study also examines how value relevance of voluntary assurance is altered when having such assurance is expected/unexpected given the company’s industry. We find expectancy violations, based on industry norms and investors’ perceived benefits of voluntary assurance, significantly influence investors’ judgments. This study begins to address questions on whether demand exists for voluntary assurance provided by professional accounting firms, particularly given lingering concerns over the viability of new forms of assurance. Data Availability: Data are available from the authors upon request. JEL Classifications: M41; M42; O31; O33.