PublisherThe University of Arizona.
RightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
AbstractThis study investigates whether cyber risk has an impact on corporate governance. Specifically, it studies if firms that experience a data breach are more likely to make new disclosures related to corporate governance cyber risk responsibility in periods immediately following the breach, compared to firms that did not experience a data breach. Because cyber risk is becoming a more significant issue in the business world, it is expected that a breach will prompt companies to signal to the market that they are serious about the issue, by disclosing new responsibilities in their board level committees. The results indicate that while the difference in new disclosures in the year following the breach is supportive of my hypothesis, the breaches are not significant to the subsequent disclosures. This research contributes to cybersecurity and accounting literature and can be used by firms’ board of directors and investors to attempt to understand the impact of cybersecurity on the corporate governance structure.