网络安全风险与审计定价--基于机器学习的分析

IF 2 4区管理学 Q2 BUSINESS, FINANCE

Journal of Information Systems Pub Date : 2024-01-01 DOI:10.2308/isys-2023-019

Wanying Jiang

{"title":"网络安全风险与审计定价--基于机器学习的分析","authors":"Wanying Jiang","doi":"10.2308/isys-2023-019","DOIUrl":null,"url":null,"abstract":"\n Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk.\n Data Availability: Data are available from the public sources cited in the text.","PeriodicalId":46998,"journal":{"name":"Journal of Information Systems","volume":" 11","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis\",\"authors\":\"Wanying Jiang\",\"doi\":\"10.2308/isys-2023-019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"\\n Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk.\\n Data Availability: Data are available from the public sources cited in the text.\",\"PeriodicalId\":46998,\"journal\":{\"name\":\"Journal of Information Systems\",\"volume\":\" 11\",\"pages\":\"\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2024-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.2308/isys-2023-019\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"BUSINESS, FINANCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.2308/isys-2023-019","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"BUSINESS, FINANCE","Score":null,"Total":0}

引用次数: 0

摘要

网络安全风险是一个日益严重的商业威胁。然而，对其评估的关注却很少。本研究提出了一种机器学习算法，该算法考虑了公司网络安全风险披露、信息技术治理、财务分析师和审计师的外部监控以及公司的一般特征，以估算网络安全风险（即公司在一年内遭遇数据泄露的可能性）。这一指标优于逻辑回归模型得出的指标，在更容易受到网络攻击的行业中更高，并能有效预测未来的数据泄露和公司使用网络安全保险的情况。我还研究了审计师是否在业务规划过程中考虑了公司的网络安全风险，发现网络安全风险平均增加一个百分点，审计费用就会增加 1.15%。此外，只有当客户的网络安全风险增加时，审计师才会在数据泄露后收取额外费用。数据可用性：数据可从文中引用的公共来源获取。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis

Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk. Data Availability: Data are available from the public sources cited in the text.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Systems BUSINESS, FINANCE-

CiteScore

3.90

自引率

21.10%

发文量

期刊介绍： The Journal of Information Systems (JIS) is the academic journal of the Accounting Information Systems (AIS) Section of the American Accounting Association. Its goal is to support, promote, and advance Accounting Information Systems knowledge. The primary criterion for publication in JIS is contribution to the accounting information systems (AIS), accounting and auditing domains by the application or understanding of information technology theory and practice. AIS research draws upon and is informed by research and practice in management information systems, computer science, accounting, auditing as well as cognate disciplines including philosophy, psychology, and management science. JIS welcomes research that employs a wide variety of research methods including qualitative, field study, case study, behavioral, experimental, archival, analytical and markets-based.