Predicting Cybersecurity Incidents Through Mandatory Disclosure Regulation
37 Pages Posted: 14 Nov 2020
Date Written: May 21, 2020
Cyber-crime is an increasingly common risk for organizations that collect and maintain vast troves of data. There is extensive literature that explores the causes of cyber-crime, but relatively little work that aims to predict future incidents. In 2011, the United States Securities and Exchange Commission (SEC) provided guidelines for how publicly traded companies should convey these risks to potential investors. The SEC and other regulatory agencies are exploring how to leverage artificial intelligence, machine learning, and data science tools to improve their regulatory efforts. This paper explores the potential to use machine learning and natural language processing techniques to analyze firms’ mandatory risk disclosure statements, and predict which firms are at the greatest risk of suffering cyber-security incidents. More broadly, this study highlights the potential for using legally mandated disclosures to bolster regulatory efforts, particularly in the context of prediction policy problems.
Suggested Citation: Suggested Citation