Bernold Nieuwesteeg (Erasmus University Rotterdam)
Eva Eijkelenboom (Erasmus University Rotterdam)
This paper studies the annual reports of 75 listed firms in the Netherlands in relation to the disclosure of cybersecurity information from a financial law and economics perspective in four consecutive financial years (2018-2021). Also, we study legislative developments (especially in the US) regarding cybersecurity disclosure requirements. Furthermore, we discuss the social and private costs and benefits of cybersecurity transparency. We draft hypotheses regarding the actual disclosure of cybersecurity information and propose a research design of an empirical study covering four financial years. The results of our study show that over time disclosing information regarding cybersecurity increases. However, the information value of the disclosures could improve since companies still disclose mostly technical measures that are hard to compare. In order for these efforts to have a social benefits, harmonization efforts need to be made.