Cybersecurity Risks and Incidents Disclosure: A Literature Review*
Firouz Amani et al.
Abstract
This paper reviews the expanding literature on the disclosure of cybersecurity risks and incidents. In contrast to prior reviews on cybersecurity, we focus specifically on disclosure and consider studies publicly available to the end of 2024. We classify the literature along three main dimensions: characteristics, determinants, and outcomes of cybersecurity disclosure. Within each dimension, we group studies that examine similar concepts to highlight areas where a critical mass of knowledge exists, as well as areas where research remains limited, findings are inconclusive, or contradictions persist. We conclude by outlining four broad research questions that warrant further investigation, with the goal of advancing our understanding of cybersecurity disclosure, its implications for organizations and stakeholders, the broader risk management landscape, and the related adversarial costs unique to this disclosure.
5 citations
Evidence weight
Balanced mode · F 0.40 / M 0.15 / V 0.05 / R 0.40
| F · citation impact | 0.41 × 0.4 = 0.16 |
| M · momentum | 0.63 × 0.15 = 0.09 |
| V · venue signal | 0.50 × 0.05 = 0.03 |
| R · text relevance † | 0.50 × 0.4 = 0.20 |
† Text relevance is estimated at 0.50 on the detail page — for your query’s actual relevance score, open this paper from a search result.