Does Business Strategy Influence Cybersecurity Risk Disclosures?
研究基于Miles和Snow的战略类型学,发现采用探索者型战略的企业比防御者型企业披露更多网络安全风险,且公司治理特征会强化这一关系,进而提升企业价值。
Synopsis The research problem This study examines the influence of firms’ business strategies on their cybersecurity risk disclosures (CRDs). Motivations The exponential expansion of the digital economy and the increasing reliance on online data storage and processing have made cybersecurity breaches a critical issue for businesses worldwide. The disclosure of cybersecurity risks is vital in fostering transparency and communication between firms and external stakeholders. This study draws from the Miles and Snow ( 1978 ) strategic typology to explore how firms’ chosen strategies influence their CRDs. This investigation is important because firms that adopt a prospector- or a defender-type strategy have different strategic focuses, leading to varying degrees of exposure to cybersecurity risks. As a result, these firms have various incentives to engage in CRDs. By enhancing our understanding of CRDs’ determinants, this study provides insights into the way in which business strategies shape firms’ approaches to communicating cybersecurity risks. Despite the increasing scholarly attention paid to firms’ disclosure of cybersecurity risks, there remains a lack of literature concerning the factors influencing the extent of CRDs. Our study fills the gap in the literature by investigating how firms’ business strategies shape CRDs. By uncovering the influence of business strategies on CRDs, our study provides valuable insights into the information environment within firms. The test hypotheses Hypothesis 1a posits that firms adopting a prospector-type strategy are more likely to make more CRDs than firms following a defender-type strategy. Conversely, Hypothesis 1b suggests that firms with a prospector-type strategy are less inclined to provide extensive CRDs than their defender-type counterparts. Target population Regulators, investors, and other stakeholders. Adopted methodology Ordinary least squares regressions. Analyses Our independent variable of interest is business strategies, which we categorized into prospectors, analyzers, and defenders based on the Miles & Snow ( 1978 ) strategic typology. As our dependent variable, we employ the CRD score developed by Florackis et al. ( 2023 ), which utilizes machine learning-based textual analysis to quantify CRDs. As for the analysis of consequences, we use Tobin’s Q as an indicator of firm value. Findings We find that firms adopting a prospector-type strategy are more inclined to provide extensive CRDs than firms following a defender-type strategy. Moreover, we observe that the impact of business strategies on CRDs is heightened in firms with strong corporate governance attributes, including effective boards, robust internal controls, and the engagement of industry expert auditors or Big Four accounting firms. In addition, our findings indicate that the strengthened relationship between business strategies and CRDs contributes positively to firm value.