عنوان انگلیسی مقاله:
An analysis of cybersecurity in Dutch annual reports of listed companies
ترجمه فارسی عنوان مقاله:
تجزیه و تحلیل امنیت سایبری در گزارش های سالانه هلندی شرکت های فهرست شده
Sciencedirect - Elsevier - Computer Law & Security Review: The International Journal of Technology Law and Practice, 40 (2021) 105513: doi:10:1016/j:clsr:2020:105513
Keywords: Cybersecurity Financial law Annual report Information sharing Security regulationIn this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity related information and its effect on stakeholders and shareholders. We draft hypotheses regarding the actual disclosure of cy- bersecurity information and propose a research design of an exploring empirical study. The results of our study show that although there is no strict legal obligation to do so, 87% of the companies mention cybersecurity or similar words in their annual report in 2018. However, only 4 out of 75 companies disclosed more than six specific cybersecurity measures, while openness would generate the highest surplus for society from a social welfare perspective. Some major Dutch banks and employment agencies did not disclose any specific information with regard to their cybersecurity strategy, while those companies are highly vulnerable for cybersecurity incidents. This hampers the protection of creditors, investors and other stakeholders. Our analysis aims to propel the debate on stimulation of self-regulation or possible obligations in financial law concerning cybersecurity in annual reports.© 2020 E.V.A. Eijkelenboom and B.F.H. Nieuwesteeg. Published by Elsevier Ltd. All rightsreserved.
Keywords: Cybersecurity | Financial law | Annual report | Information sharing | Security regulation