This study examines the association between companies' cybersecurity risk disclosures and audit fees. Based on a sample from 2005 to 2018, we find that companies' audit fees are not only influenced by the content (number of words), but also by the language (readability and litigious language) disclosed in their cybersecurity risk disclosures. We extend prior studies and find that audit firms assess audit risks not just by evaluating actual cyber breach incidents, but also the cybersecurity risks disclosures more generally. The implication is that the auditor incorporates into their risk assessments, and accordingly their fee structures, the nature and content of cybersecurity risk disclosures. In general, more readable disclosures can reduce audit fees and perhaps other monitoring costs incurred by SEC registrants.

中文翻译：

---

网络安全风险披露和隐含的审计风险：审计费用的证据

这项研究考察了公司网络安全风险披露与审计费用之间的关联。基于2005年至2018年的样本，我们发现公司的审计费用不仅受其网络安全风险披露中披露的内容（单词数量）的影响，还受其语言（可读性和诉讼语言）的影响。我们扩展了先前的研究，发现审计公司不仅通过评估实际的网络违规事件来评估审计风险，而且还通过更一般的方式来评估网络安全风险的披露。这意味着审计师将其风险评估以及相应的费用结构，网络安全风险披露的性质和内容纳入其风险评估。通常，更具可读性的披露可以减少SEC注册人的审计费用，并可能减少其他监控费用。