Are there trade-offs with mandating timely disclosure of cybersecurity incidents? Evidence from state-level data breach disclosure laws
The Journal of Finance and Data Science(2022)
摘要
On March 23, 2022, the SEC proposed that firms publicly disclose their cybersecurity incidents within four days of discovery. In the U.S., state-level data breach disclosure laws require firms to disclose the occurrence of a data breach, with some mandating disclosure within a deadline while others do not. Exploiting this state-level variation in disclosure deadlines, we find that, when facing a deadline, firms disclose a data breach 90 percent faster but are 58 percent less likely to disclose breach details. Investors respond negatively to delayed breach disclosures but are forgiving of a delay when it is used to gather more breach details. Our study highlights the trade-offs of mandating a disclosure deadline for cybersecurity incidents.
更多查看译文
关键词
Cybersecurity,Data breach,Disclosure,Regulation,Disclosure deadline,U.S. Securities and Exchange Commission (SEC),Data breach disclosure laws,Information technology
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要