“We find suggestive evidence indicating that some firms manipulate the discovery date (“misreport”) of a cybersecurity incident to postpone the disclosure of the incident, as evidenced by a pronounced spike in insider sales before the reported discovery date. We also find that misreporting is more prevalent among firms with weak internal control systems, when firms face low litigation risk, and when firms have greater pressure to meet a disclosure deadline.”
top of page
Rechercher
Posts récents
Voir toutThe main vulnerability in data protection is ineffective risk management, often subjective and superficial. GDPR outlines what to achieve...
00
This paper introduces a dynamic, proactive cyber risk assessment methodology that combines internal and external data, converting...
10
Cybersecurity investment models often mislead practitioners due to unreliable data, unverified assumptions, and false premises. These...
00
bottom of page
Comments