SUMMARY
This article summarizes a study by Kelton and Yang (2024), who investigate cybersecurity breach contagion effects where nonbreached (bystander) firms experience negative share price responses to a disclosed cybersecurity breach at an industry peer firm. The study finds bystander firms reporting an accounting loss in the previous year are more susceptible to contagion effects than bystander firms reporting a profit. Importantly, the study shows internal control quality provides protection from contagion effects, particularly for loss firms. The findings are useful for auditors as they show the expanding importance of reporting on firms’ internal controls. Auditors and managers may also consider the results of this study when communicating the importance of internal controls beyond financial reporting and exploring ways to mitigate cybersecurity risk.
