Do Information Security Disclosures Reflect Future Incidents?
Source: Purdue University (Krannert)
This paper investigates how the nature of security related disclosures in financial reports is associated with breach announcements in the subsequent period. First build a decision tree to classify the occurrence of future security breaches based on the textual content of disclosures. The model suggests that one is able to accurately associate disclosure patterns with breach announcements about 77% of the time. Further explore the contents of the disclosures using text mining techniques to provide a richer interpretation of the results. The results show that the disclosures with action-oriented terms and phrases are less likely to be related to future incidents. This paper contributes to the literature in information security and sheds light on how investors can better interpret information security disclosures in financial reports.