BFI Working Paper·Dec 14, 2020

Cybersecurity Risk

Chris Florakis, Christodoulos Louca, Roni Michaely, and Michael Weber

We develop a novel firm-level measure of cybersecurity risk using textual analysis of cybersecurity-risk disclosures in corporate filings. The measure successfully identifies firms extensively discussing cybersecurity risk in their 10-K, displays intuitive relations with quantitative measures of cybersecurity risk disclosure language, exhibits a positive trend over time, is more prevalent among industries relying more on information technology systems, correlates with several characteristics linked to firms hit by cyber attacks and, importantly, predicts future cyber attacks. Stocks with high exposure to cybersecurity risk exhibit high expected returns on average, but they perform poorly in periods of increasing attention to cybersecurity risk. 

View Working Paper View On SSRN View Research Brief
Related People
Related Insights

More on this topic

BFI Working Paper·May 12, 2026

Data Centers and Local Economies in the Age of AI: A Shift–Share Approach

Fernando Alvarez, David Argente, Joyce Chow, and Diana Van Patten
Topics: Technology & Innovation
BFI Working Paper·May 5, 2026

Automation, Learning, and Career Dynamics

Hassan Afrouzi, Andres Blanco, Andrés Drenik, and Erik Hurst
Topics: Technology & Innovation
BFI Working Paper·May 5, 2026

Technology Adoption and Optimal Policy

Fernando Alvarez, Francisco J. Buera, and Nicholas Trachter
Topics: Technology & Innovation