EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Exploring the information content of cyber breach reports and the relationship to internal controls

Benjamin Blakely, Jim Kurtenbach and Lovila Nowak

International Journal of Accounting Information Systems, 2022, vol. 46, issue C

Abstract: A number of institutions make reports available regarding the types, impacts, or origins of cybersecurity breaches. The information content of cyber breach reports is examined in light of Principle 15 of the 2017 Committee on Sponsoring Organizations Enterprise Risk Management (COSO ERM) information security control framework to understand the degree to which cyber breach reports reflect the established COSO internal control framework. This study utilizes the COSO ERM internal control framework to examine whether current cyber breach reports contain information that may influence a firm’s ability to assess substantial change within its industry due to external forces (COSO ERM Principle 15). As such, this study focuses on data breaches, a special type of cyber incident, which may result in the loss of confidential information. Cyber decision makers rely on this type of information to calibrate information security programs to ensure coverage of relevant threats and the efficient use of available funds. These reports may be used for the purposes of cybersecurity risk assessment and strategic planning. We compare, contrast, and analyzie the reports to identify their utility in such contexts. We also provide an overview of the current cybersecurity reporting environment and suggest revisions to US national cyber policy with the intent of increasing the benefit to reporters and consumers of the data.

Keywords: COSO; Computer Security; Computer Crime; Risk analysis; Security management; Incident; Breach (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (3)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1467089522000203
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijoais:v:46:y:2022:i:c:s1467089522000203

DOI: 10.1016/j.accinf.2022.100568

Access Statistics for this article

International Journal of Accounting Information Systems is currently edited by S.V. Grabski

More articles in International Journal of Accounting Information Systems from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eee:ijoais:v:46:y:2022:i:c:s1467089522000203