Musaib Ashraf, John (Xuefeng) Jiang, Isabel Yanyan Wang
Journal of Finance and Data Science, Volume 8, Pages 202-213. Published 2022-11-01. DOI: 10.1016/j.jfds.2022.08.001. https://www.sciencedirect.com/science/article/pii/S2405918822000101
Are there trade-offs with mandating timely disclosure of cybersecurity incidents? Evidence from state-level data breach disclosure laws
On March 23, 2022, the SEC proposed that firms publicly disclose their cybersecurity incidents within four days of discovery. In the U.S., state-level data breach disclosure laws require firms to disclose the occurrence of a data breach, with some mandating disclosure within a deadline while others do not. Exploiting this state-level variation in disclosure deadlines, we find that, when facing a deadline, firms disclose a data breach 90 percent faster but are 58 percent less likely to disclose breach details. Investors respond negatively to delayed breach disclosures but are forgiving of a delay when it is used to gather more breach details. Our study highlights the trade-offs of mandating a disclosure deadline for cybersecurity incidents.