Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Date of Award
Bachelor of Business Administration (BBA)
School of Accounting
On October 13, 2011, the U.S. Securities and Exchange Commission issued a guidance on corporate disclosure of cyber-risks and information security breaches (SEC, 2011). To determine if a company disclosed information on the breach, I reviewed the company’s risk factors, management’s discussion and analysis of financial conditions and results of operations, description of the business, legal proceedings, financial statement disclosures, and disclosure controls and procedures. However, the disclosure regulations from this guidance are vague and thus do little to force disclosure of valuable information. The guidance has led to companies disclosing ambiguous, generic risk factors that can be applied to any business in any industry (Ferraro, 2014).
Jin, Jingjing, "Cybersecurity disclosure effectiveness on public companies" (2015). Senior Honors Projects, 2010-current. 1.