Transparency and Risk Assessment Reporting: A Case Study Sector Survey of Cybercrime Disclosures

A. J. Stagliano, George P. Sillup
(Erivan K. Haub School of Business, Saint Joseph’s University, Philadelphia, PA 19131-1395, USA)

Abstract: With electronic and computer crime on the rise, it is reasonable to ask how and what companies report to their shareholders about this new risk to their creation of value for owners. The U.S. Securities and Exchange Commission (SEC) recommended, in late 2011, that its registrants give careful attention to the need for disclosing costs and risks associated with cyber security. To assess the impact of the SEC guidance, this paper reports the outcome of an empirical investigation of cybercrime disclosures by the largest publicly held firms in the U.S. pharmaceutical industry. Our study encompasses firms holding about 96 percent of the industry’s assets that received nearly 97 percent of its yearly revenues. We conclude that little has changed over the recent five years with respect to financial disclosure of cybercrime risks. Notwithstanding the SEC reporting guidance, registrants in this $300 billion annual sales sector seem to have ignored or disregarded the call for voluntary disclosure about cybercrime threats, risks, and costs.

Key words: cybercrime; disclosure transparency; risk assessment; SEC disclosures

JEL codes: K22, L65, M48