ISSN: 2225-8329
Open access
Digitalisation is an important driver of the digital economy. The COVID-19 pandemic further accelerates the adoption of digital technology. Having huge data of clients, suppliers, investors, collaborators, and other business contacts expose companies to cyber threats and attacks. Several regulators such as the Security Exchange Commission (SEC) in the US requires public listed companies to disclose information related to cybersecurity risks. This study aims to explore how Malaysian listed companies reveal information related to cybersecurity in their annual reports. In addition, it also attempts to determine the themes or nature of these disclosures and to assess the disclosure levels. Using a content analysis, this study examined forty-nine annual reports from four sectors. It discovers that most companies disclose information related to cybersecurity under eight (8) common sections: governance and leadership, risk management and internal control, key risks and opportunities, management report, sustainability statement, organisational capital, external environment, and performance review. Furthermore, it suggests that these voluntary disclosures are mostly related to eight (8) themes: Data Protection Act, Data Security and Data Integrity, Cyber Threats and Risks, Cybersecurity Assessment, Focus and Priority, Optimisation, Enhanced and Investment, Policies and Artificial Intelligence. Even though most of these disclosures are at the basic level, there are a few companies with comprehensive disclosure on cybersecurity. The research findings provide valuable insights into voluntary disclosures related to cybersecurity among Malaysian listed companies.
Pratama, A. (2021). Integrated Reporting in ASEAN | Accountants Today. Mia, 1–5. https://www.at-mia.my/2021/05/27/integrated-reporting-in-asean/
Bamber, L. S., Jiang, J., & Wang, I. Y. (2010). What’s my style? The influence of top managers on voluntary corporate financial disclosure. Accounting Review, 85(4), 1131–1162. https://doi.org/10.2308/accr.2010.85.4.1131
Braam, G., & Borghans, L. (2014). Board and auditor interlocks and voluntary disclosure in annual reports. Journal of Financial Reporting and Accounting, 12(2), 135–160. https://doi.org/10.1108/jfra-11-2012-0054
Burns, E., Laskowski, N., & Tucci, L. (2017). What is artificial intelligence? TechTarget. https://searchenterpriseai.techtarget.com/definition/AI-Artificial-Intelligence#:~:text=Artificial intelligence is the simulation,speech recognition and machine vision.
Chandok, R. I. S., & Singh, S. (2017). Empirical study on determinants of environmental disclosure: Approach of selected conglomerates. Managerial Auditing Journal, 32(4–5), 332–355. https://doi.org/10.1108/MAJ-03-2016-1344
D’amico, G., Arbolino, R., Shi, L., Yigitcanlar, T., & Ioppolo, G. (2021). Digital technologies for urban metabolism efficiency: Lessons from urban agenda partnership on circular economy. Sustainability (Switzerland), 13(11), 1–23.
https://doi.org/10.3390/su13116043
Del Río Castro, G., González Fernández, M. C., & Uruburu Colsa, Á. (2021). Unleashing the convergence amid digitalization and sustainability towards pursuing the Sustainable Development Goals (SDGs): A holistic review. Journal of Cleaner Production, 280. https://doi.org/10.1016/j.jclepro.2020.122204
Ebert, M., Schäfer, U., & Schneider, G. T. (2019). Information Leaks and Voluntary Disclosure. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3372141
Economic Planning Unit, P. M. D. (2021). Malaysia Digital Economy Blueprint. Malaysian National Library. https://www.epu.gov.my/sites/default/files/2021-02/malaysia-digital-economy-blueprint.pdf.
Eijkelenboom, & Nieuwesteeg. (2021). An analysis of cybersecurity in Dutch annual reports of listed companies. Computer Law & Security Review, 40.
Embong, Z. (2014). Understanding Voluntary Disclosure: Malaysian Perspective. Asian Journal of Accounting and Governance, 5, 15–35. https://doi.org/10.17576/ajag-2014-5-02
Gao, L., G.Calderon, T., & FengchunTang. (2020). Public companies’ cybersecurity risk disclosures. International Journal of Accounting Information Systems, 38.
Gcaza, N., Von Solms, R., Grobler, M. M., & Van Vuuren, J. J. (2017). A general morphological analysis: Delineating a cyber-security culture. Information and Computer Security, 25(3), 259–278. https://doi.org/10.1108/ICS-12-2015-0046
Gelenbe, E., Domanska, J., Czáchorski, T., Drosou, A., & Tzovaras, D. (2018). Security for Internet of Things: The SerIoT Project. 2018 International Symposium on Networks, Computers and Communications, ISNCC 2018.
https://doi.org/10.1109/ISNCC.2018.8531004
Hoberg, G., & Lewis, C. (2017). Do fraudulent firms produce abnormal disclosure? Journal of Corporate Finance, 43(C), 58–85.
Hameed, S. M. A., & Rahman Ahmed, N. A. R. (2020). Adoption of integrated reporting in emerging economies: Evidence from bahrain. Asian Economic and Financial Review, 10(10), 1115–1130. https://doi.org/10.18488/journal.aefr.2020.1010.1115.1130
Healy, P. M., & Palepu, K. G. (2001). Information asymmetry, corporate disclosure, and the capital markets: A review of the empirical disclosure literature. Journal of Accounting and Economics, 31, 405–440.
Humayed, A., Lin, J., Li, F., & Luo, B. (2017). Cyber-Physical Systems Security - A Survey. IEEE Internet of Things Journal, 4(6), 1802–1831. https://doi.org/10.1109/JIOT.2017.2703172
Kane, G. A., Lopes, G., Saunders, J. L., Mathis, A., & Mathis, M. W. (2020). Real-time, low-latency closed-loop feedback using markerless posture tracking. ELife, 9, 1–29. https://doi.org/10.7554/ELIFE.61909
Kulikova, L. I., & Mukhametzyanov, R. Z. (2019). Formation of financial reporting in the conditions of digital economy. Journal of Environmental Treatment Techniques, 7(Special Issue), 1125–1129.
Lakshan, A. M. I., Low, M., & de Villiers, C. (2021). Management of risks associated with the disclosure of future-oriented information in integrated reports. Sustainability Accounting, Management and Policy Journal, 12(2), 241–266.
https://doi.org/10.1108/SAMPJ-03-2019-0114
Ma, K. W. F., & McKinnon, T. (2021). COVID-19 and cyber fraud: emerging threats during the pandemic. Journal of Financial Crime, October. https://doi.org/10.1108/JFC-01-2021-0016
Mohammed, N. F., Kassim, C. F. C., Sutainim, N. A., & Amirrudin, M. S. (2020). Accountability through integrated reporting: The awareness and challenges in Malaysia. Humanities and Social Sciences Letters, 8(1), 123–132.
https://doi.org/10.18488/journal.73.2020.81.123.132
Mondejar, M. E., Avtar, R., Diaz, H. L. B., Dubey, R. K., Esteban, J., Gómez-Morales, A., Hallam, B., Mbungu, N. T., Okolo, C. C., Prasad, K. A., She, Q., & Garcia-Segura, S. (2021). Digitalization to achieve sustainable development goals: Steps towards a Smart Green Planet. Science of the Total Environment, 794(June), 148539.
https://doi.org/10.1016/j.scitotenv.2021.148539
Nurunnabi, M., & Hossain, M. A. (2012). The voluntary disclosure of internet financial reporting (IFR) in an emerging economy: A case of digital Bangladesh. Journal of Asia Business Studies, 6(1), 17–42. https://doi.org/10.1108/15587891211190688
Oluwagbemiga, O. E. (2014). The use of voluntary disclosure in determining the quality of financial statements: Evidence from the Nigeria listed companies. Serbian Journal of Management, 9(2), 263–280. https://doi.org/10.5937/sjm9-5784
Ricci, F., Scafarto, V., Ferri, S., & Tron, A. (2020). Value relevance of digitalization: The moderating role of corporate sustainability. An empirical study of Italian listed companies. Journal of Cleaner Production, 276, 123282.
https://doi.org/10.1016/j.jclepro.2020.123282
Rinaldi, L., Unerman, J., & de Villiers, C. (2018). Evaluating the integrated reporting journey: insights, gaps and agendas for future research. Accounting, Auditing and Accountability Journal, 31(5), 1294–1318. https://doi.org/10.1108/AAAJ-04-2018-3446
Shan, Y. G., & Troshani, I. (2021). Digital corporate reporting and value relevance: evidence from the US and Japan. International Journal of Managerial Finance, 17(2), 256–281. https://doi.org/10.1108/IJMF-01-2020-0018
Ibrahim, S. N., Shamsudin, A., Ibrahim, M. T., Abdullah, S., Jaaffar, M. Y., & Bani, H. (2021). An Initial Assessment of Voluntary Disclosures on Digitalisation by Malaysian Public Listed Companies. International Journal of Academic Research in Accounting, Finance and Management Sciences, 11(3), 303–314.
https://doi.org/10.6007/ijarafms/v11-i3/10966
Tara Kissoon, S. (2021). Optimum Spending on Cybersecurity Measures: Part II. Journal of Information Security, 12(01), 137–161. https://doi.org/10.4236/jis.2021.121007
Thuraisingham, B. (2020). Cloud Governance. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD).
Tran, L. T. H., Tu, T. T. K., Nguyen, T. T. H., Nguyen, H. T. L., & Vo, X. V. (2021). Annual report narrative disclosures, information asymmetry and future firm performance: evidence from Vietnam. International Journal of Emerging Markets, 502. https://doi.org/10.1108/IJOEM-08-2020-0925
Troshani, I., Parker, L. D., & Lymer, A. (2015). Institutionalising XBRL for financial reporting: resorting to regulation. Accounting and Business Research, 45(2). https://doi.org/https://doi.org/10.1080/00014788.2014.980772
US Securities and Exchange Commission. (2018). Commission Statement and Guidance on Public Company Cybersecurity Disclosures. https://www.sec.gov/rules/interp/2018/33-10459.pdf
Warner, M. (2012). A Pre-history. Intelligence and National Security, 27(5), 781–799. https://doi.org/10.1080/02684527.2012.708530
Whitehead, G. (2020). Investigation of factors influencing cybersecurity decision making in Irish SME’s from a senior manager/owner perspective. August.
World Economic Forum. (2021). The Global Risks Report 2021: 16th Edition. In Weforum.Org. http://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2021.pdf
Zeranski, S., & Sancak, I. E. (2020). Digitalisation of Financial Supervision with Supervisory Technology (SupTech). SSRN Electronic Journal, July. https://doi.org/10.2139/ssrn.3632053
In-Text Citation: (Ibrahim et al., 2021)
To Cite this Article: Ibrahim, S. N. S., Shamsudin, A., Abdullah, S., Ibrahim, M. T., Jaaffar, M. Y., & Bani, H. (2021). Content Analysis of Voluntary Disclosures on Cybersecurity in Malaysia. International Journal of Academic Research in Accounting Finance and Management Sciences, 11(4), 10–28.
Copyright: © 2021 The Author(s)
Published by Human Resource Management Academic Research Society (www.hrmars.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode