An analysis of cybersecurity in Dutch annual reports of listed companies,Computer Law & Security Review

当前位置： X-MOL 学术 › Comput. Law Secur. Rev. › 论文详情

Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)

An analysis of cybersecurity in Dutch annual reports of listed companies
Computer Law & Security Review ( IF 3.3 ) Pub Date : 2020-12-15 , DOI: 10.1016/j.clsr.2020.105513
E.V.A. Eijkelenboom , B.F.H. Nieuwesteeg

In this paper we study the disclosure of cybersecurity information in Dutch annual reports, such as cybersecurity measures and cyber incidents, from a financial law and economics perspective. We start our discussion with an analysis of the requirements in financial law to disclose cybersecurity information in annual reports. Hereafter, we discuss the incentives for the board regarding disclosing cybersecurity related information and its effect on stakeholders and shareholders. We draft hypotheses regarding the actual disclosure of cybersecurity information and propose a research design of an exploring empirical study. The results of our study show that although there is no strict legal obligation to do so, 87% of the companies mention cybersecurity or similar words in their annual report in 2018. However, only 4 out of 75 companies disclosed more than six specific cybersecurity measures, while openness would generate the highest surplus for society from a social welfare perspective. Some major Dutch banks and employment agencies did not disclose any specific information with regard to their cybersecurity strategy, while those companies are highly vulnerable for cybersecurity incidents. This hampers the protection of creditors, investors and other stakeholders. Our analysis aims to propel the debate on stimulation of self-regulation or possible obligations in financial law concerning cybersecurity in annual reports.

中文翻译：

荷兰上市公司年度报告中的网络安全分析

在本文中，我们从金融法和经济学的角度研究了荷兰年度报告中的网络安全信息披露，例如网络安全措施和网络事件。我们从对金融法律要求的分析开始讨论，以在年度报告中披露网络安全信息。此后，我们讨论了董事会在披露与网络安全相关的信息及其对利益相关者和股东的影响方面的激励措施。我们起草有关网络安全信息实际披露的假设，并提出了一项探索性实证研究的研究设计。我们的研究结果表明，尽管没有严格的法律义务这样做，但仍有87％的公司在其2018年年度报告中提及网络安全或类似措辞。在75家公司中，只有4家披露了六项以上的特定网络安全措施，而从社会福利的角度来看，开放将为社会带来最高的盈余。荷兰的一些主要银行和职业介绍所没有透露有关其网络安全策略的任何具体信息，而这些公司极易受到网络安全事件的影响。这妨碍了对债权人，投资者和其他利益相关者的保护。我们的分析旨在在年度报告中推动关于刺激自我监管或金融法中有关网络安全的可能义务的辩论。荷兰一些主要的银行和职业介绍所没有透露有关其网络安全策略的任何特定信息，而这些公司在网络安全事件中极易受到攻击。这妨碍了对债权人，投资者和其他利益相关者的保护。我们的分析旨在在年度报告中推动关于刺激自我监管或金融法中有关网络安全的可能义务的辩论。荷兰的一些主要银行和职业介绍所没有透露有关其网络安全策略的任何具体信息，而这些公司极易受到网络安全事件的影响。这妨碍了对债权人，投资者和其他利益相关者的保护。我们的分析旨在在年度报告中推动关于刺激自我监管或金融法中有关网络安全的可能义务的辩论。

更新日期：2020-12-16

点击分享查看原文

点击收藏

阅读更多本刊最新论文