Michele Frank, Jonathan Grenier, Jonathan S. Pyzoha, Natalie Zielinski
{"title":"加强网络安全风险管理报告和独立保证的意义","authors":"Michele Frank, Jonathan Grenier, Jonathan S. Pyzoha, Natalie Zielinski","doi":"10.2308/ciia-2022-018","DOIUrl":null,"url":null,"abstract":"SUMMARY According to the World Economic Forum (WEF) (2022), cybersecurity risk is the most immediate and financially material sustainability risk that organizations face. Companies experience significant financial and reputational losses in the market after a cyberattack. However, companies are only required to disclose a trivial amount of information about their cybersecurity risk management efforts (SEC 2014; Newman 2018). This paper summarizes Frank, Grenier, and Pyzoha (2019), which examines whether voluntarily providing additional disclosures regarding a company’s cybersecurity efforts, with or without assurance, increases investment attractiveness. Absent assurance, voluntary disclosures about the nature and effectiveness of cybersecurity efforts are sufficient to increase investment attractiveness for companies that have not (versus have) disclosed a prior cyberattack, as investors are less likely to question the disclosure’s reliability. Assurance provides a greater benefit to companies that have (versus have not) disclosed a prior cyberattack, as they benefit more from the reliability enhancement of assurance.","PeriodicalId":44019,"journal":{"name":"Current Issues in Auditing","volume":"30 1","pages":"0"},"PeriodicalIF":0.8000,"publicationDate":"2023-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Implications of Enhanced Cybersecurity Risk Management Reporting and Independent Assurance\",\"authors\":\"Michele Frank, Jonathan Grenier, Jonathan S. Pyzoha, Natalie Zielinski\",\"doi\":\"10.2308/ciia-2022-018\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SUMMARY According to the World Economic Forum (WEF) (2022), cybersecurity risk is the most immediate and financially material sustainability risk that organizations face. Companies experience significant financial and reputational losses in the market after a cyberattack. However, companies are only required to disclose a trivial amount of information about their cybersecurity risk management efforts (SEC 2014; Newman 2018). This paper summarizes Frank, Grenier, and Pyzoha (2019), which examines whether voluntarily providing additional disclosures regarding a company’s cybersecurity efforts, with or without assurance, increases investment attractiveness. Absent assurance, voluntary disclosures about the nature and effectiveness of cybersecurity efforts are sufficient to increase investment attractiveness for companies that have not (versus have) disclosed a prior cyberattack, as investors are less likely to question the disclosure’s reliability. Assurance provides a greater benefit to companies that have (versus have not) disclosed a prior cyberattack, as they benefit more from the reliability enhancement of assurance.\",\"PeriodicalId\":44019,\"journal\":{\"name\":\"Current Issues in Auditing\",\"volume\":\"30 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.8000,\"publicationDate\":\"2023-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Current Issues in Auditing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2308/ciia-2022-018\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"BUSINESS, FINANCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Current Issues in Auditing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2308/ciia-2022-018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}
Implications of Enhanced Cybersecurity Risk Management Reporting and Independent Assurance
SUMMARY According to the World Economic Forum (WEF) (2022), cybersecurity risk is the most immediate and financially material sustainability risk that organizations face. Companies experience significant financial and reputational losses in the market after a cyberattack. However, companies are only required to disclose a trivial amount of information about their cybersecurity risk management efforts (SEC 2014; Newman 2018). This paper summarizes Frank, Grenier, and Pyzoha (2019), which examines whether voluntarily providing additional disclosures regarding a company’s cybersecurity efforts, with or without assurance, increases investment attractiveness. Absent assurance, voluntary disclosures about the nature and effectiveness of cybersecurity efforts are sufficient to increase investment attractiveness for companies that have not (versus have) disclosed a prior cyberattack, as investors are less likely to question the disclosure’s reliability. Assurance provides a greater benefit to companies that have (versus have not) disclosed a prior cyberattack, as they benefit more from the reliability enhancement of assurance.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
