Digital Insiders and Informed Trading Before Earnings Announcements

While it is widely acknowledged that companies face increasing cybersecurity risk stemming from hackers stealing customer information, a relatively unknown cybersecurity risk is from information leakage and subsequent trading by digital insiders – hackers who target corporations to obtain non-public corporate information for illegal trading. We use a firm-specific measure of cybersecurity risk mitigation based on textual analysis of 10-Ks to proxy for the organization’s ability to reduce the probability of digital insider trading. We find that a larger share of new earnings information is incorporated into prices prior to earnings announcements for firms with low cybersecurity risk mitigation scores. We also find that pre-announcement trading by short sellers is more predictive of earnings surprises for firms with low cybersecurity risk mitigation. Further, on days closer to earnings announcements, firms with relatively low cybersecurity risk mitigation scores experience a larger increase in bid-ask spreads, particularly the adverse selection component. These results suggest that weak cybersecurity risk mitigation provides opportunities for acquisition of private information and that trading by privately informed traders is more likely in stocks of firms with higher exposure to cybercrimes.