Score contribution per author:
α: calibrated so average coauthorship-adjusted count equals average raw count
Based on textual analysis and a comparison of cybersecurity risk disclosures of firms that were hacked to others that were not, we propose a novel firm-level measure of cybersecurity risk for all U.S.-listed firms. We then examine whether cybersecurity risk is priced in the cross-section of stock returns. Portfolios of firms with high exposure to cybersecurity risk outperform other firms, on average, by up to 8.3 per year. Yet, high-exposure firms perform poorly in periods of high cybersecurity risk. Reassuringly, the measure is higher in information-technology industries, correlates with characteristics linked to firms hit by cyberattacks, and predicts future cyberattacks.Authors have furnished an Internet Appendix, which is available on the Oxford University Press Web site next to the link to the final published paper online