Cybersecurity Risk

We develop a novel firm-level measure of cybersecurity risk using textual analysis of cybersecurity-risk disclosures in corporate filings. The measure successfully identifies firms extensively discussing cybersecurity risk in their 10-K, displays intuitive relations with quantitative measures of cybersecurity risk disclosure language, exhibits a positive trend over time, is more prevalent among industries relying more on information technology systems, correlates with several characteristics linked to firms hit by cyber attacks and, importantly, predicts future cyber attacks. Stocks with high exposure to cybersecurity risk exhibit high expected returns on average, but they perform poorly in periods of increasing attention to cybersecurity risk.

View Working Paper View On SSRN View Research Brief

Related People

Michael Weber

Related Insights

Cybersecurity Risk

Research Briefs

BFI Data Studio

Podcasts

Videos

Upcoming Events

Fall 2025 Behavioral Economics Seminar Series

Human Capital for Humans: An Accessible Introduction to the Economic Science of People

BFI Student Lunch Series – Talk as Capital: Using Behavioral Science and Technology to Make Everyday Conversations an Investment in Children’s Skills

More on this topic

The Promise of Digital Technology and Generative AI for Supporting Parenting Interventions in Latin America

Chat2Learn: A Proof-of-Concept Evaluation of a Technology-Based Tool to Enhance Parent-Child Language Interaction

Artificial Writing and Automated Detection