As the associated costs, business impacts, and high variability of cybersecurity disclosures capture the attention of regulators, we are witnessing a rapid emergence of proposals for new reporting requirements, such as recent SEC proposed disclosure guidelines and legislation being passed in both the EU and U.S. Within the context of cyber-breach disclosure, this study investigates how voluntary assurance provided by professional accounting firms affects nonprofessional investors’ judgments and decisions after the disclosure of a cybersecurity breach—an inevitable event. The study also examines how value relevance of voluntary assurance is altered when having such assurance is expected/unexpected given the company’s industry. We find expectancy violations, based on industry norms and investors’ perceived benefits of voluntary assurance, significantly influence investors’ judgments. This study begins to address questions on whether demand exists for voluntary assurance provided by professional accounting firms, particularly given lingering concerns over the viability of new forms of assurance.

Data Availability: Data are available from the authors upon request.

JEL Classifications: M41; M42; O31; O33.

This content is only available via PDF.
You do not currently have access to this content.