This study explores the cybersecurity risk disclosure differences between foreign firms listed in the US and US firms. We first extract cybersecurity risks disclosures text with a Python program based on a list of cybersecurity key words. We then perform textual analysis of the cybersecurity risk disclosures in foreign firms’ 20-F filings and US firms’ 10-K filings. During our study period, we observe that foreign firms disclose more about their cybersecurity risks and their disclosures are more readable than US firms. Foreign firms also use more numbers, fewer uncertainty words and fewer litigious language than their US counterparts.  In general, our study suggests that cybersecurity risk disclosures made by foreign firms are clearer and more specific than those made by US firms. This finding could have implications for disclosure regulation and home bias research.

This content is only available as a PDF.
You do not currently have access to this content.