Businesses that openly discuss their cybersecurity strategies and risks are likely to see better financial returns than those that remain silent, a new study finds.
Research involving the Binghamton University School of Management suggests that investors have moved beyond viewing cybersecurity merely as a defensive safeguard. Instead, they now value it as a critical aspect of a firm’s overall risk management and a key driver of financial performance.
“If a company has been affected by a cyberattack and ignores it or doesn’t make it clear they’re taking appropriate steps to deal with the problem, that will diminish customer trust and send a bad signal to shareholders,” says Thi Tran, an assistant professor at Binghamton who co-authored the study.
Transparency builds trust
The study, presented at the Hawaii International Conference on System Sciences, analysed data from conference calls held by top-tier US public companies between 2000 and 2023.
Researchers developed an algorithm to search transcripts for cybersecurity-related keywords. They focused on conference calls because they offer a more accessible medium for investors to gauge a company’s stance than dense regulatory risk disclosure documents.
The analysis confirmed that “cybersecurity readiness” in a given year had a positive effect on the company’s return on assets the following year.
“We found that if the firms are more open about the situation and make it known they are attempting to do something about it, that will increase stakeholder trust and the firm will perform better,” Tran explains.
Instinct to hide
The findings challenge the traditional corporate instinct to downplay vulnerabilities. The study highlights that while the 2013 Target data breach — which cost the retailer more than $200 million — was a landmark case, the threat landscape has only expanded since then as businesses grow their digital footprints.
Tran notes that while it is “basic human psychology” for leaders to downplay problems that make them look bad, the data demonstrate the financial value of transparency and acknowledgement.
“Hopefully, by seeing how it leads to good returns, more firm leaders will be motivated to recognise the actual value of why they should not ignore or downplay the cybersecurity issue,” said Tran.
