Predicting Cybersecurity Incidents Through Mandatory Disclosure Regulation
Illinois Journal of Law, Technology, and Policy
62 Pages. Posted: 14 Nov 2020. Last revised: 5 May 2022.
Date Written: March 2, 2022
Abstract
Cybersecurity risk is an increasingly common concern for organizations
that collect and maintain vast troves of data. In 2011, the United States
Securities and Exchange Commission (SEC) provided guidelines for how
publicly traded companies should convey these risks to potential investors. But
does this mandatory disclosure regime effectively serve this purpose in the
cybersecurity context? This Article uses machine learning and natural language
processing techniques to analyze firms’ mandatory risk disclosure statements,
predict which firms are at the greatest risk of suffering cybersecurity incidents,
and evaluate how well disclosure meets the goals of the broad regulatory
regime. More broadly, this study highlights the potential for using legally
mandated disclosures to bolster regulatory efforts, particularly in the context of
prediction policy problems.
Keywords: cybersecurity, prediction policy problems, empirical legal studies