Cybersecurity Risk

We develop a novel firm-level measure of cybersecurity risk using textual analysis of cybersecurity-risk disclosures in corporate filings. The measure successfully identifies firms extensively discussing cybersecurity risk in their 10-K, displays intuitive relations with quantitative measures of cybersecurity risk disclosure language, exhibits a positive trend over time, is more prevalent among industries relying more on information technology systems, correlates with several characteristics linked to firms hit by cyber attacks and, importantly, predicts future cyber attacks. Stocks with high exposure to cybersecurity risk exhibit high expected returns on average, but they perform poorly in periods of increasing attention to cybersecurity risk.