Investors Reactions to Cybersecurity Incidents: The Joint Effects of Disclosure Tone, Critical Audit Matters, and IT Knowledge
Tracks
Jade 2
Monday, July 1, 2024 |
9:35 AM - 10:00 AM |
Presenter
Dr Ashna Prasad
Senior Lecturer
Monash University
Investors Reactions to Cybersecurity Incidents: The Joint Effects of Disclosure Tone, Critical Audit Matters, and IT Knowledge
Abstract
We investigate whether investors reactions to management tone and auditor commentary related to a cybersecurity incident disclosure are contingent on investors’ level of knowledge of information technology (IT). We predict and find that investors with a high level of IT knowledge are more likely to invest when the cybersecurity risk disclosures are written in a neutral tone and a Critical Audit Matter (CAM) on the cybersecurity incident is present. In contrast, investors with a low level of IT knowledge are more likely to invest when the cybersecurity risk disclosures are written positively, and a CAM on the cybersecurity incident is absent. Our findings are relevant to management, auditors and regulators, who have expressed concerns about the adverse effect of cybersecurity risks and the quality of cybersecurity disclosures on investors.
Biography
Chair
Greg Shailer
Professor
The Australian National University
Discussant
Andrew Jackson
Scientia Associate Professor
UNSW Sydney