A BIBLIOMETRIC ANALYSIS OF CYBER SECURITY RISK DISCLOSURE
Abstract
Along with experiencing significant financial losses due to data breaches in the company. To attract stakeholders' attention, companies need to disclose the cyber risks they face. This study aims to explain the progress and patterns in cyber risk disclosure and the variables that are often associated with the practice. The research used a systematic literature review of 155 research articles from Scopus (2020-2024) using the keywords cybersecurity disclosure in the fields of computer science, social science, business management, accounting, economics, and finance. Data was limited to English journal articles and analysed using bibliometric analysis with the VOS viewer application. The results show that research on cyber risk disclosure in Scopus.com is still limited, but shows an increasing trend in various countries' companies. The cited articles are identified as references for future research. On accounting conceptualisations regarding the voluntary disclosure of such corporate social responsibility information related to cyber risk threats.
References
Agarwal, N., Agarwal, S., & Chatterjee, C. (2024). Data breach notification laws and the cost of private debt. British Accounting Review. https://doi.org/10.1016/j.bar.2024.101518
Agrafiotis, I., Nurse, J. R. C., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. In Journal of Cybersecurity (Vol. 4, Issue 1). Oxford University Press. https://doi.org/10.1093/cybsec/tyy006
Alodat, A. Y., Hao, Y., Nobanee, H., Ali, H., Mansour, M., & Al Amosh, H. (2024). Board characteristics and cybersecurity disclosure: evidence from the UK. Electronic Commerce Research. https://doi.org/10.1007/s10660-024-09867-w
Beechey, M., Kyriakopoulos, K. G., & Lambotharan, S. (2021). Evidential classification and feature selection for cyber-threat hunting. Knowledge-Based Systems, 226. https://doi.org/10.1016/j.knosys.2021.107120
Boggini, C. (2024). Reporting cybersecurity to stakeholders: A review of CSRD and the EU cyber legal framework. Computer Law and Security Review, 53. https://doi.org/10.1016/j.clsr.2024.105987
Gao, L., Calderon, T. G., & Tang, F. (2020). Public companies’ cybersecurity risk disclosures. International Journal of Accounting Information Systems, 38. https://doi.org/10.1016/j.accinf.2020.100468
Gordon, L. A., & Loeb, M. P. (2006). Managing cybersecurity resources: A cost-benefit analysis (Vol. 1). McGraw-Hill.
Jeong, J. J., Grobler, M., Chamikara, M. A. P., & Rudolph, C. (2019). Fuzzy Logic Application to Link National Culture and Cybersecurity Maturity. https://geerthofstede.com/research-and-vsm/dimension-data-matrix/
Kamiya, S., Kang, J. K., Kim, J., Milidonis, A., & Stulz, R. M. (2021). Risk management, firm reputation, and the impact of successful cyberattacks on target firms. Journal of Financial Economics, 139(3), 719–749. https://doi.org/10.1016/j.jfineco.2019.05.019
Leuz, C., & Wysocki, P. (2016). The Economics of Disclosure and Financial Reporting Regulation: Evidence and Suggestions for Future Research. http://ssrn.com/abstract=2733831http://ssrn.com/abstract=2733831www.ecgi.org/wphttps://ssrn.com/abstract=2733831
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. https://doi.org/10.1016/j.egyr.2021.08.126
Mazumder, M. M. M., & Hossain, D. M. (2023). Voluntary cybersecurity disclosure in the banking industry of Bangladesh: does board composition matter? Journal of Accounting in Emerging Economies, 13(2), 217–239. https://doi.org/10.1108/JAEE-07-2021-0237
Rizal, R., Selamat, S. R., Mas’ud, M. Z., & Widiyasono, N. (2025). Enhanced Readiness Forensic Framework for the Complexity of Internet of Things (IoT) Investigation Based on Artificial Intelligence. Journal of Advanced Research in Applied Sciences and Engineering Technology, 50(1), 121–135. https://doi.org/10.37934/araset.50.1.121135
Seid, E., Satheesh, S., Popov, O., & Blix, F. (2024). FAIR: Cyber Security Risk Quantification In Logistics Sector. Procedia Computer Science, 237, 783–792. https://doi.org/10.1016/j.procs.2024.05.166
Stempel, J. (2024, July 19). SolarWinds beats most of US SEC lawsuit over Russia-linked cyberattack. Reuters. https://www.reuters.com/legal/us-judge-dismisses-most-sec-lawsuit-against-solarwinds-concerning-cyberattack-2024-07-18/
Uslaner, J. D., & Brunetto, J. (2024, May 31). The SEC’s new cybersecurity disclosure rules decoded: what they mean for investors. Reuters. https://www.reuters.com/legal/legalindustry/secs-new-cybersecurity-disclosure-rules-decoded-what-they-mean-investors-2024-05-31/
Vostoupal, J., Stupka, V., Kasl, F., Loutocky, P., & Malinka, K. (2024). The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and beyond. https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new
Views:
31
Downloads:
9
Copyright (c) 2025 Lola Melindia, Yaeni Maryani, Fitri Pebrianti, Siti Jubaedah

This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles are published in open-access and licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). Hence, authors retain copyright to the content of the articles.
CC BY 4.0 License allows content to be copied, adapted, displayed, distributed, re-published or otherwise re-used for any purpose including for adaptation and commercial use provided the content is attributed.