The Disclosures of Information on Cybersecurity in Listed Companies in Latin America—Proposal for a Cybersecurity Disclosure Index

Abstract

For the corporate sphere, cybersecurity becomes an inescapable business responsibility, and accountability becomes a way of providing trust and ensuring resilience against cyber risks and high-impact cyber threats. The purpose of this study was to create a disclosure index that allows analysis of the scope of the disclosure of voluntary and mandatory cybersecurity information. The content analysis technique used focuses on the examination and identification of the cybersecurity information revealed in the annual reports and the 20 F annual forms of the companies with the highest stock market prices in Argentina, Brazil, Chile, Colombia, Mexico, and Peru during the period of 2016–2020. Longitudinal analysis indicates an increase over time in the disclosures and scope of information. The findings highlight that the country with the highest related disclosure is Argentina; the most extensive disclosures are due to the financial sector; and the strategy dimension represents the greatest weight in the index score. The study provides a novel instrument for measuring the content of disclosure on cybersecurity that is applicable in any specific context. In this case, the scope of disclosure in Latin America—a region which, according to our research, does not have previous studies on the subject—is evaluated.