Board effectiveness and cybersecurity disclosure

This study explores the impact of board effectiveness on cybersecurity-related disclosure. Based on a sample of 300 firm-years consisting of the largest Canadian listed companies over a period of five years, we find evidence that board effectiveness positively affects a firm’s decision to disclose cybersecurity information, and board independence and financial expertise have a positive impact on the amount of this disclosure. Independent members of the board, acting as a governance and oversight mechanism, significantly increase the disclosure of cybersecurity risks in the company’s financial statements. The board has a fiduciary role to monitor management and board members’ financial expertise contributes to risk assessment and management. Cybersecurity, as an emerging governance topic, demands multiple areas of expertise in technical, ethical, and financial areas. Board members should be continually trained to be aware of the evolution and diversification of business risks and should have appropriate skills and competencies to manage them. Our findings shed light on the positive impact of board members’ financial expertise on the volume of cybersecurity disclosure. However, board size appears to have no impact on this amount, possibly because few board members have cybersecurity expertise.