Dr. Kate Campbell’s 2003 paper in the Journal of Computer Security cited in the SEC’s July 2023 Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure final rule

Dr. Kate Campbell’s 2003 paper in the Journal of Computer Security was recently cited in the SEC’s July 2023 Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure final rule.

Campbell’s paper, “The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market,” was published in the Journal of Computer Security and co-authored with Lawrence Gordon, Martin Loeb, and Lei Zhou.

The article was cited in the SEC’s July 2023 Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure final rule. This rule requires registrants to disclose material cybersecurity incidents and other information about cybersecurity risk management, strategy and governance.

Their paper has more than 1,000 citations and has become a foundational paper documenting economic implications of information security breaches and providing evidence that the type of cyber-attack matters. In recent years the SEC increasingly has been citing academic papers published in highly ranked journals in its rule making process, particularly in supporting its economic cost and benefit analysis of proposed rule changes.  The incorporation of academic literature in the regulatory process highlights the impact that academic research can have on improving regulation that affects companies, investors, the economy and society.