Advertisement

Ex-post Information Value of Risk Disclosure

  • Kunio Ito
  • Tetsuyuki Kagaya
  • Hyonok KimEmail author
Chapter
  • 1k Downloads
Part of the Advances in Japanese Business and Economics book series (AJBE, volume 6)

Abstract

The purpose of this paper is to examine the effects of information security initiatives on corporate value and demonstrate the significance of establishing information security governance. In order to achieve this goal, we conducted three analyses. First, we focus on companies that disclosed information security risks in the “Business Risk etc.” section in their financial statements and examine how differently stock markets evaluate such companies as compared to those which do not when an information security incident occurred. We find that stock price of companies that disclosed information security risks fall by a smaller margin than those which did not. Secondly, according to a questionnaire survey of corporate users who utilized IT-related equipment, we find that companies those who properly disclosed their information security initiatives enjoy higher evaluations than those which did not. Finally, we also find that information security initiatives have positive effects on user preference and satisfaction in business dealings. Based on the results, it is considered that it is economically beneficial for companies to carry out information security initiatives. The results of this paper also imply that business risk disclosure has not only ex-ante information value but also ex-post information value.

Keywords

Corporate brand value Information security Information security incidents Risk disclosure 

References

  1. Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.Google Scholar
  2. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 69–104.Google Scholar
  3. InterRisk Research Institute & Consulting. (2005). An analysis of revealed risks in fiscal 2004. Tokyo: InterRisk Research Institute & Consulting.Google Scholar
  4. Ishiguro, M., Tanaka, H., Matsuura, K., & Murase, I. (2006). The effect of internet security incidents on corporate value in the Japanese stock market. In Proceedings of the 2006 Workshop on the Economics of Securing the Information Infrastracture.Google Scholar
  5. Ito, K. (2000). Koporeto burando keiei [Corporate brand management]. Tokyo: Nikkei Publishing Inc.Google Scholar
  6. Ito, K. (2003). New phases of corporate brand management. Hitotsubashi Business Review, 51(3), 6–23.Google Scholar
  7. Ito, K. (2004). Corporate brand management for higher reputation. Risk Management Business, 19(9), 4–7.Google Scholar
  8. Ito, K. (2007). Zeminaru kigyokachi hyoka [Seminar Valuation of corporate value]. Tokyo: Nikkei Publishing Inc.Google Scholar
  9. Ito, K., & Kagaya, T. (2006). Brand risk management and corporate value. Hitotsubashi Business Review, 54(3), 6–25.Google Scholar
  10. Japan Network Security Association. (2002–2007). Information security incident survey report. Tokyo: Japan Network Security Association.Google Scholar
  11. Kim, H. (2007). The effects of the advance disclosure of risk factors on stock returns when there are information security incidents. Hitotsubashi Review of Commerce and Management, 2(2), 102–113.Google Scholar
  12. Metropolitan Police Department. (1999–2004). Survey concerning the actual condition of countermeasures against unauthorized access etc. Tokyo: Metropolitan Police Department.Google Scholar
  13. Ministry of Economy, Trade and Industry. (2005, March). Research group on corporate information security governance. Tokyo: Ministry of Economy, Trade and Industry.Google Scholar
  14. NRI SecureTechnologies. (2007, November). A questionnaire survey concerning the condition of information security measures. Tokyo: NRI SecureTechnologies.Google Scholar
  15. Wakasugi, A. (1999). Kaikei disukurozya to kigyo rinri [Accounting Disclosure and Corporate Ethics]. Tokyo: Zeimukeiri Kyokai.Google Scholar

Copyright information

© Springer Japan 2014

Authors and Affiliations

  1. 1.Graduate School of Commerce and ManagementHitotsubashi UniversityKunitachiJapan
  2. 2.Business AdministrationTokyo Keizai UniversityKokubunjiJapan

Personalised recommendations