Affiliation:
1. Nova Southeastern University
2. The University of North Carolina at Charlotte
3. Trinity University
Abstract
ABSTRACT
Public company investors rely on the Big 4 audit firms to provide assurance over internal controls and financial reporting. What, then, would happen if one of these very assurance providers suffered its own cybersecurity breach? We examine such an event in the major data breach of Deloitte in 2017. Using U.S. data from 2014 to 2019, we find Deloitte suffered significant reputational damage postbreach. Specifically, audit clients and existing shareholders became less likely to approve of Deloitte as the company’s auditor. Deloitte also charged lower audit fees after the incident. Furthermore, Deloitte’s audit clients suffered significant negative market reactions postbreach. Our results suggest pervasive implications of cyberattacks on auditor reputation and support recent congressional efforts to expand regulation in this area.
Publisher
American Accounting Association
Subject
Management of Technology and Innovation,Information Systems and Management,Human-Computer Interaction,Accounting,Information Systems,Software,Management Information Systems
Reference87 articles.
1. Earnings management, litigation risk, and asymmetric audit fee responses;Abbott;Auditing: A Journal of Practice & Theory,2006
2. Do firms underreport information on cyber-attacks? Evidence from capital markets;Amir;Review of Accounting Studies,2018
3. 350 Deloitte customers affected by cyber hack: Report;Anonymous;CIO,2017
4. Does auditor ratification matter to bondholders? Evidence from new bond issues;Bao;Journal of Accounting and Public Policy,2020
5. Who cares about auditor reputation?;Barton;Contemporary Accounting Research,2005
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献