Abstract

Regulators and standard setters have urged companies to enhance the informativeness of cybersecurity risk disclosures in financial statements. Managers also have the incentive to restore public trust in their ability through quality cybersecurity risk disclosures following a data breach. However, little is known about how cybersecurity risk disclosures may influence various stakeholders' attitudes and behavior. This study examines how the perceived presence of specificity of cybersecurity risk disclosures influences the behavioral intentions of different stakeholders (i.e., investors, users, and employees) through beliefs and attitudes. Additionally, the study examines and contrasts the role of two different types of ability-based trust (i.e., trust in protecting data, and trust in conducting transactions) that impact stakeholder intentions differently. The evidence from our experiment suggests that the perceived presence of specific disclosure elements influences behavior and intentions (for all three stakeholders, users, investors, and employees) through beliefs and attitudes.

Share

COinS