Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis
Cyber risk disclosure has received significant attention recently, but it is still not examined in empirical research investigating companies’ cyber risk disclosure practices. This research aims to explore the gap in the literature and examines cyber risk disclosure in the annual reports, corporate...
| Main Author: | |
|---|---|
| Format: | Dissertation (University of Nottingham only) |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | https://eprints.nottingham.ac.uk/46205/ |
| _version_ | 1848797278974771200 |
|---|---|
| author | Al Lawati, Taha Mustafa Mohsin |
| author_facet | Al Lawati, Taha Mustafa Mohsin |
| author_sort | Al Lawati, Taha Mustafa Mohsin |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Cyber risk disclosure has received significant attention recently, but it is still not examined in empirical research investigating companies’ cyber risk disclosure practices. This research aims to explore the gap in the literature and examines cyber risk disclosure in the annual reports, corporate governance statements and guidelines and proxy statements in a sample of 10 U.S. information technology companies using a sentence analysis approach. The data was derived solely from these documents and their contents were analyzed to identify cyber risk disclosures. The findings show that all disclosures related to cyber risk are qualitative in nature. There is no attempt to quantify cyber risk by any means nor to assign a probability of cyber risk materializing. Also, there is no significant correlation between having a director with a direct specialist expertise and the quality of cyber risk disclosure. Similarly, not mentioning cyber risk in corporate governance guidelines and statement have no significant correlation with the quality of cyber risk disclosure in annual reports. Nevertheless, the companies exhibit readiness to disclose forward-looking information. In addition, there is a positive correlation between designating a committee to be responsible for cyber risk with the quality of cyber risk disclosure. Overall, cyber risk disclosures are commonplace and bland and lacked the depth required for clearly understanding the companies’ exposure to cyber risk. |
| first_indexed | 2025-11-14T20:01:21Z |
| format | Dissertation (University of Nottingham only) |
| id | nottingham-46205 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T20:01:21Z |
| publishDate | 2017 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-462052018-04-17T15:06:16Z https://eprints.nottingham.ac.uk/46205/ Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis Al Lawati, Taha Mustafa Mohsin Cyber risk disclosure has received significant attention recently, but it is still not examined in empirical research investigating companies’ cyber risk disclosure practices. This research aims to explore the gap in the literature and examines cyber risk disclosure in the annual reports, corporate governance statements and guidelines and proxy statements in a sample of 10 U.S. information technology companies using a sentence analysis approach. The data was derived solely from these documents and their contents were analyzed to identify cyber risk disclosures. The findings show that all disclosures related to cyber risk are qualitative in nature. There is no attempt to quantify cyber risk by any means nor to assign a probability of cyber risk materializing. Also, there is no significant correlation between having a director with a direct specialist expertise and the quality of cyber risk disclosure. Similarly, not mentioning cyber risk in corporate governance guidelines and statement have no significant correlation with the quality of cyber risk disclosure in annual reports. Nevertheless, the companies exhibit readiness to disclose forward-looking information. In addition, there is a positive correlation between designating a committee to be responsible for cyber risk with the quality of cyber risk disclosure. Overall, cyber risk disclosures are commonplace and bland and lacked the depth required for clearly understanding the companies’ exposure to cyber risk. 2017-09-14 Dissertation (University of Nottingham only) NonPeerReviewed application/pdf en https://eprints.nottingham.ac.uk/46205/1/Cyber%20Risk%20Disclosure%20Practice%20in%20Top%2010%20U.S.%20Information%20Technology%20Companies%20An%20Empirical%20Analysis.pdf Al Lawati, Taha Mustafa Mohsin (2017) Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis. [Dissertation (University of Nottingham only)] Risk Management Cyber Risk Cyber Risk Disclosure Reporting Cyber Security |
| spellingShingle | Risk Management Cyber Risk Cyber Risk Disclosure Reporting Cyber Security Al Lawati, Taha Mustafa Mohsin Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title | Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title_full | Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title_fullStr | Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title_full_unstemmed | Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title_short | Cyber Risk Disclosure Practice in Top 10 U.S. Information Technology Companies: An Empirical Analysis |
| title_sort | cyber risk disclosure practice in top 10 u.s. information technology companies: an empirical analysis |
| topic | Risk Management Cyber Risk Cyber Risk Disclosure Reporting Cyber Security |
| url | https://eprints.nottingham.ac.uk/46205/ |