Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis

IF 2 4区 管理学 Q2 BUSINESS, FINANCE
Wanying Jiang
{"title":"Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis","authors":"Wanying Jiang","doi":"10.2308/isys-2023-019","DOIUrl":null,"url":null,"abstract":"\n Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk.\n Data Availability: Data are available from the public sources cited in the text.","PeriodicalId":46998,"journal":{"name":"Journal of Information Systems","volume":" 11","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2308/isys-2023-019","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}
引用次数: 0

Abstract

Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk. Data Availability: Data are available from the public sources cited in the text.
网络安全风险与审计定价--基于机器学习的分析
网络安全风险是一个日益严重的商业威胁。然而,对其评估的关注却很少。本研究提出了一种机器学习算法,该算法考虑了公司网络安全风险披露、信息技术治理、财务分析师和审计师的外部监控以及公司的一般特征,以估算网络安全风险(即公司在一年内遭遇数据泄露的可能性)。这一指标优于逻辑回归模型得出的指标,在更容易受到网络攻击的行业中更高,并能有效预测未来的数据泄露和公司使用网络安全保险的情况。我还研究了审计师是否在业务规划过程中考虑了公司的网络安全风险,发现网络安全风险平均增加一个百分点,审计费用就会增加 1.15%。此外,只有当客户的网络安全风险增加时,审计师才会在数据泄露后收取额外费用。数据可用性:数据可从文中引用的公共来源获取。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Systems
Journal of Information Systems BUSINESS, FINANCE-
CiteScore
3.90
自引率
21.10%
发文量
26
期刊介绍: The Journal of Information Systems (JIS) is the academic journal of the Accounting Information Systems (AIS) Section of the American Accounting Association. Its goal is to support, promote, and advance Accounting Information Systems knowledge. The primary criterion for publication in JIS is contribution to the accounting information systems (AIS), accounting and auditing domains by the application or understanding of information technology theory and practice. AIS research draws upon and is informed by research and practice in management information systems, computer science, accounting, auditing as well as cognate disciplines including philosophy, psychology, and management science. JIS welcomes research that employs a wide variety of research methods including qualitative, field study, case study, behavioral, experimental, archival, analytical and markets-based.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信