Cyber-Security Incidents, External Monitoring and Probability of Restatements

44 Pages Posted: 21 Jun 2018

See all articles by Pierangelo Rosati

Pierangelo Rosati

Dublin City University Business School

Fabian Gogolin

Queen's Management School

Theodore G. Lynn

Irish Centre for Cloud Computing and Commerce

Date Written: July 29, 2017

Abstract

The number of cyber-security incidents has dramatically increased in the last few years as well as the costs they generate for the affected firms. The impact of such incidents on affected firms and individuals usually receives most of the attention of the media and researchers alike. However, cyber-security incidents represent main concerns also for regulators and for the external auditors of the affected firms. While regulators are mostly concerned about the impact on the general economy, external auditors face potential reputational damage if a security breach results in misleading financial results. In this paper, we investigate how regulators and external auditors react to cyber-security incidents in the two years following the breach. Using a sample of 4,764 US firms, we find that the breached firms are subject to increased scrutiny by both regulators and external auditors following a security breach; this results in a higher probability of receiving a SEC Comment Letter, higher audit quality, and lower probability of financial restatements. Our results show that cyber-security incidents represent high-profile events not only for the affected firms but also for regulators and external auditors who attempt to constrain the negative outcomes of these incidents through increased monitoring and enhanced controls.

Keywords: Restatement, Cyber Security, Audit Quality, SEC Comment Letters

JEL Classification: M41, M42, C30, K24

Suggested Citation

Rosati, Pierangelo and Gogolin, Fabian and Lynn, Theodore G., Cyber-Security Incidents, External Monitoring and Probability of Restatements (July 29, 2017). Available at SSRN: https://ssrn.com/abstract=3193880 or http://dx.doi.org/10.2139/ssrn.3193880

Pierangelo Rosati (Contact Author)

Dublin City University Business School ( email )

Ireland 9
Dublin 9, Dublin 9
Ireland

Fabian Gogolin

Queen's Management School ( email )

Ridel Hall
Belfast, BT9 5EE
Northern Ireland

Theodore G. Lynn

Irish Centre for Cloud Computing and Commerce ( email )

Dublin
Collins Avenue
Dublin, NA Dublin 9
Ireland
35317006873 (Phone)
35317005446 (Fax)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
163
Abstract Views
1,241
rank
218,127
PlumX Metrics