Litcius/Paper detail

Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis

Wanying Jiang

2024Journal of Information Systems13 citationsDOI

Abstract

ABSTRACT Cybersecurity risk represents a growing business threat. However, little attention has been paid to its assessment. This study proposes a machine learning algorithm that considers firm cybersecurity risk disclosure, information technology governance, external monitoring by financial analysts and auditors, and general firm characteristics to estimate cybersecurity risk (i.e., the likelihood of a firm experiencing data breaches during a year). This measure outperforms the measure produced by logistic regression models, is higher in industries more prone to cyberattacks, and effectively predicts future data breaches and firm use of cybersecurity insurance policies. I also examine whether auditors consider firm cybersecurity risk in the engagement planning process, finding that, on average, a one-percentage-point increase in cybersecurity risk is associated with a 1.15 percent increase in audit fees. In addition, auditors charge a fee premium after a data breach only if the client has heightened cybersecurity risk. Data Availability: Data are available from the public sources cited in the text.

Topics & Concepts

AuditBusinessData breachComputer securityMeasure (data warehouse)Corporate governanceAccountingLogistic regressionPoint (geometry)Business risksComputer scienceActuarial scienceFinanceRisk analysis (engineering)Data miningGeometryMachine learningMathematicsInformation and Cyber SecurityAuditing, Earnings Management, GovernanceNetwork Security and Intrusion Detection
Cybersecurity Risk and Audit Pricing—A Machine Learning-Based Analysis | Litcius