Working Paper: NBER ID: w28196
Authors: Chris Florackis; Christodoulos Louca; Roni Michaely; Michael Weber
Abstract: Using textual analysis and comparing cybersecurity-risk disclosures of firms that were hacked to others that were not, we propose a novel firm-level measure of cybersecurity risk for all US-listed firms. We then examine whether cybersecurity risk is priced in the cross-section of stock returns. Portfolios of firms with high exposure to cybersecurity risk outperform other firms, on average, by up to 8.3% per year. At the same time, high-exposure firms perform poorly in periods of high cybersecurity risk. Reassuringly, the measure is higher in information-technology industries, correlates with characteristics linked to firms hit by cyberattacks, and predicts future cyberattacks.
Keywords: No keywords provided
JEL Codes: G14; G31
Edges that are evidenced by causal inference methods are in orange, and the rest are in light blue.
| Cause | Effect |
|---|---|
| cybersecurity risk disclosures (K24) | stock returns (G12) |
| higher cybersecurity risk scores (K24) | future cyberattacks (K24) |
| cybersecurity risk exposure (K24) | stock performance during heightened risk (G17) |
| higher risk scores (D81) | negative cumulative abnormal returns (G12) |