Title: Information security disclosures in healthcare: the impact of the 2018 SEC Guidance

Authors: Lorenz Bohn; Dirk Schiereck

Addresses: Technische Universität Darmstadt, Karolinenplatz 5 64289 Darmstadt, Germany ' Technische Universität Darmstadt, Karolinenplatz 5 64289 Darmstadt, Germany

Abstract: This study aims to analyse the impact of the SEC guidance from 2018 on information security risk disclosures in the healthcare sector and determine factors that influence disclosure practices. We show a big shift in disclosure practices following the SEC guidance. While the overall level of similarity across the entire sample remains stable, there is a clear industry specific convergence of information security risk disclosures. Additionally, results reveal that analysts play a key role in shaping disclosure behaviour. A higher number of analysts covering a given firm cause it to provide more detailed and extensive information security risks disclosures. At the same time, this increased level of disclosures does not go hand in hand with a high level of similarity which indicates that these disclosures are company specific and likely of higher informational value.

Keywords: information security; disclosures; healthcare; information security risk; disclosure practices; SEC guidance; similarity.

DOI: 10.1504/IJMP.2025.147619

International Journal of Management Practice, 2025 Vol.18 No.4, pp.421 - 443

Received: 01 Jun 2023
Accepted: 07 Mar 2024
Published online: 24 Jul 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article