SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors

Bao, 2014, Simultaneously discovering and quantifying risk types from textual risk disclosures, Manag. Sci., 60, 1371, 10.1287/mnsc.2014.1930 Beatty, 2015 Benaroch, 2012, An internal control perspective on the market value consequences of IT operational risk events, Int. J. Account. Inf. Syst., 13, 357, 10.1016/j.accinf.2012.03.001 Bennett, 2015 Beyer, 2010, The financial reporting environment: review of the recent literature, J. Account. Econ., 50, 296, 10.1016/j.jacceco.2010.10.003 Brown, 2011, Large-sample evidence on firms' year-over-year MD&A modifications, J. Account. Res., 49, 309, 10.1111/j.1475-679X.2010.00396.x Brown, 2015 Campbell, 2014, The information content of mandatory risk factor disclosures in corporate filings, Rev. Acc. Stud., 19, 396, 10.1007/s11142-013-9258-3 CISCO, 2017 Doyle, 2007, Determinants of weaknesses in internal control over financial reporting, J. Account. Econ., 44, 193, 10.1016/j.jacceco.2006.10.003 Ettredge, 2003, Information transfer among internet firms: the case of hacker attacks, J. Inf. Syst., 17, 71 Feng, 2017, CIO risk appetite and information security management Ferraro, 2013, Groundbreaking'or broken? Filzen, 2015, The information content of risk factor disclosures in quarterly reports, Account. Horiz., 29, 887, 10.2308/acch-51175 Filzen, 2016 Gaulin, 2017 Gordon, 2010, Market value of voluntary disclosures concerning information security, MIS Q., 34, 567, 10.2307/25750692 Gordon, 2011, The impact of information security breaches: has there been a downward shift in costs?, J. Comput. Secur., 19, 33, 10.3233/JCS-2009-0398 Grant, 2014, SEC cybersecurity disclosure guidance is quickly becoming a requirement, CPA J., 84, 69 Hilary, 2017 Hope, 2016, The benefits of specific risk-factor disclosures, Rev. Acc. Stud., 21, 1005, 10.1007/s11142-016-9371-1 Hsu, 2014, Composition of the top management team and information security breaches Hsu, 2014, Exploring the association between board structure and information security breaches, Asia-Pac. J. Inf. Sys., 24, 531 Hsu, 2015, Board busyness and information security risk management Johnson, 2010 Ke, 2003, What insiders know about future earnings and how they use it: evidence from insider trades, J. Account. Econ., 35, 315, 10.1016/S0165-4101(03)00036-3 Kothari, 2009, The effect of disclosures by management, analysts, and business press on cost of capital, return volatility, and analyst forecasts: a study using content analysis, J. Account. Econ., 84, 1639 Kothari, 2009, Do managers withhold bad news?, J. Account. Res., 47, 241, 10.1111/j.1475-679X.2008.00318.x Kravet, 2013, Textual risk disclosures and investors' risk perceptions, Rev. Acc. Stud., 18, 1088, 10.1007/s11142-013-9228-9 Kwon, 2013, The association between top management involvement and compensation and information security breaches, J. Inf. Syst., 27, 219 Lawrence, 2016 Loop, 2016, Cybersecurity and the board: 8 issues keeping directors up at night, Wall Street J. Public Company Accounting Oversight Board Reuters, 2005 Robbins, 2005, Writing effective risk factor disclosure in offering documents and exchange act reports, 19(5) Securities and Exchange Commission (SEC), 2005 Securities and Exchange Commission (SEC), 2010. 17 CFR PARTS 211, 231 and 241. Release Nos. 33-9106; 34-61469; FR-82. Securities and Exchange Commission (SEC), 2011 Securities and Exchange Commission (SEC) Sheneman, 2017 Shumsky, 2016, Corporate judgment call: when to disclose you've been hacked, Wall Street J. Skinner, 1994, Why firms voluntarily disclose bad news, J. Account. Res., 32, 38, 10.2307/2491386 Verrecchia, 2001, Essays on disclosure, J. Account. Econ., 32, 97, 10.1016/S0165-4101(01)00025-8 Wang, 2013, The association between the disclosure and the realization of information security risk factors, Inf. Syst. Res., 24, 201, 10.1287/isre.1120.0437 Wang, 2013, Investors' reactions to information security incidents and profitable short-term investment opportunities, J. Organ. Comput. Electron. Commer., 23, 1, 10.1080/10919392.2013.807712 Yayla, 2011, The impact of information security events on the stock value of firms: the effect of contingency factors, J. Inf. Technol., 26, 60, 10.1057/jit.2010.4