BFI Working Paper·Dec 14, 2020

Cybersecurity Risk

Chris Florakis, Christodoulos Louca, Roni Michaely, and Michael Weber

We develop a novel firm-level measure of cybersecurity risk using textual analysis of cybersecurity-risk disclosures in corporate filings. The measure successfully identifies firms extensively discussing cybersecurity risk in their 10-K, displays intuitive relations with quantitative measures of cybersecurity risk disclosure language, exhibits a positive trend over time, is more prevalent among industries relying more on information technology systems, correlates with several characteristics linked to firms hit by cyber attacks and, importantly, predicts future cyber attacks. Stocks with high exposure to cybersecurity risk exhibit high expected returns on average, but they perform poorly in periods of increasing attention to cybersecurity risk. 

View Working Paper View On SSRN View Research Brief
Related People
Related Insights

More on this topic

BFI Working Paper·Jun 2, 2026

Non-User Externalities

Leonardo Bursztyn, Jan Fasnacht, Benjamin R. Handel, Rafael Jiménez-Durán, Aaron Leonard, Filip Milojević, Christopher Roth, and Cass R. Sunstein
Topics: Technology & Innovation
BFI Working Paper·Jun 2, 2026

Beyond Exposure: Predicting AI Adoption Based on Comparative Advantage

Ilse Lindenlaub, Ryungha Oh, María Alejandra Rodríguez, and Laura Veldkamp
Topics: Technology & Innovation
BFI Working Paper·May 28, 2026

Serial Innovators

David Galenson
Topics: Technology & Innovation