Systematic review of cyberrisk disclosure practices: insights and implications

Purpose This paper systematically reviews earlier cyber risk disclosure literature. It also seeks to identify research gaps in cyber risk disclosure literature and provide directions for further studies and consolidates insights from a comprehensive systematic literature review. Design/methodology/approach The systematic appraisal encompasses 24 papers, allowing for a robust synthesis of scientific knowledge in the field. Findings A systematic literature review of 24 studies on cyber risk disclosures reveals an upward trajectory in research productivity but inconsistent citation impact, a predominant focus on large organizations in developed countries, an over-reliance on analytical methods rather than empirical approaches, and substantial gaps around investigating links between disclosure strategies and performance outcomes across different institutional contexts. The study aims to guide future scholarship to address the identified gaps, such as through comparative multi-country studies, longitudinal designs, and investigations into disclosure outcomes. Practical implications The main implications for practice arising from this review include disclosure policies and direction for organizations on how they can relay cyber risk information, as organizations should consider implementing standardized frameworks for reporting cyber risks, which include specific metrics for assessing risk exposure and the effectiveness of mitigation strategies. Additionally, training programs for employees on the importance of cyber risk disclosure can foster a culture of openness and accountability. Originality/value The research findings on cyber risk disclosure will open the way for further studies due to the significant role of cybersecurity in businesses.