This study aims to examine the correlation between board composition and cybersecurity disclosure (CSD) in Southeast Asia banking companies, while  investigating the influence of financial characteristics such as profitability, leverage, and firm size on CSD practices. The quantitative analysis methodology is employed in this paper. The level of cybersecurity disclosure in annual reports is analyzed using content analysis with 54 keywords, analyzed through NVIVO 14 software. The correlation between variables is examined using STATA Software with panel data comprising 391 observations. The study focuses on 101 Southeast Asia banking companies from 2017 to 2021. The results indicate that only firm size, measured by the natural logarithm of total assets, has a positive and significant influence on CSD. This suggests that larger firms with higher total assets are more likely to voluntarily disclose cybersecurity information in their annual reports. No statistically significant correlation is found between board composition, other financial factors, and CSD during the study period. This paper acknowledges its limitations and proposes directions for future research. Firstly, the study is limited to listed commercial banks. Future research should include a larger sample encompassing non-financial industry firms. Secondly, the study employs automated content analysis, specifically counting keywords, to assess the quantity of CSD. Future research could conduct discourse analysis of CSD narratives to provide a more meaningful analysis. This approach would evaluate whether the language and tone of CSD convey substantial information to stakeholders or if it is merely a standardized practice. Additionally, future research should explore other variables impacting voluntary CSD and examine economic consequences, such as the effect on the cost of capital. The findings have implications for regulators, policymakers, and companies, enabling regulators to better understand the current level of CSD and determine the need for further guidance.

Abeysekera, I. (2010). The influence of board size on intellectual capital disclosure by Kenyan listed firms. Journal of Intellectual Capital, 11(4), 504–518. ttps://doi.org/10.1108/14691931011085650

Accenture. (1970, July 2). Accenture and Ponemon Institute Report: Cyber crime drains $11.7 million per business annually, up 62 percent in five years. Newsroom. https://newsroom.accenture.com/news/accenture-and-ponemon- institute-report-cyber-crime-drains-11-7-million-per-business-annually-up- 62-percent-in-five-years.htm

Abraham, S., & Cox, P. (2007). Analysing the determinants of narrative risk information in UK FTSE 100 annual reports. British Accounting Review, 39(3), 227–248. https://doi.org/10.1016/j.bar.2007.06.002

Adams, R. B., & Ferreira, D. (2009). Women in the boardroom and their impact on governance and performance. Journal of Financial Economics, 94(2), 291–309. https://doi.org/10.1016/j.jfineco.2008.10.007

Adams, R. B., Hermalin, B. E., & Weisbach, M. S. (2011). The Role of Boards of Directors in Corporate Governance: A Conceptual Framework & Survey.

SSRN Electronic Journal. https://doi.org/10.2139/ssrn.1299212

Barry, T., Jona, J., & Soderstrom, N.S. (2021). The Impact of Country

Institutional Factors on Firm Disclosure: Cybersecurity Disclosures in Chinese Cross-Listed Firms. SSRN Electronic Journal.

Beretta, S., & Bozzolan, S. (2004). A framework for the analysis of firm risk communication. International Journal of Accounting, 39(3), 265–288. https://doi.org/10.1016/j.intacc.2004.06.006

Bourdon, B. (2020, November 3). The avoidable mistakes executives continue to make after a data breach. Harvard Business Review. https://hbr.org/2017/11/the-avoidable-mistakes-executives-continue-to- make-after-a-data-breach

Cabedo, J. D., & Tirado, J. M. (2004). The disclosure of risk in financial statements. Accounting Forum, 28(2), 181–200. https://doi.org/10.1016/j.accfor.2003.10.002

Campbell, J. L., Chen, H., Dhaliwal, D. S., Lu, H., & Steele, L. B. (2012). The Information Content of Mandatory Risk Factor Disclosures in Corporate Filings. SSRN Electronic Journal, October. https://doi.org/10.2139/ssrn.1694279

Coffey, B. S., & Wang, J. (1998). Board diversity and managerial control as predictors of corporate social performance. Journal of Business Ethics, 17(14), 1595–1603. https://doi.org/10.1023/A:1005748230228

Corlett & Aigner. (1971). regression, even when it seems inappropriate, mainly in order that. 770–772.

Creado, Y., & Ramteke, V. (2020). Active cyber defence strategies and techniques for banks and financial institutions. Journal of Financial

Crime, 27(3), 771–780. https://doi.org/10.1108/JFC-01-2020-0008

Daily, C. M., & Dalton, D. A. N. R. (2003). Introduction To Special Topic Forum Corporate Governance : Decades of Dialogue and Data. 28(3), 371–382.

Donnelly, R., & Mulcahy, M. (2008). Board structure, ownership, and voluntary disclosure in Ireland. Corporate Governance: An International Review, 16(5), 416–429. https://doi.org/10.1111/j.1467-8683.2008.00692.x

Elzahar, H., & Hussainey, K. (2012). Determinants of narrative risk disclosures in UK interim reports. Journal of Risk Finance, 13(2), 133–147. https://doi.org/10.1108/15265941211203189

Fama, E. (2012). Agency problems and the theory of the firm. The Economic Nature of the Firm: A Reader, Third Edition, 88(21), 270–282. https://doi.org/10.1017/CBO9780511817410.022

FBI. (2021, March 17). IC3 releases 2020 internet crime report. FBI. https://www.fbi.gov/news/press-releases/fbi-releases-the-internet-crime- complaint-center-2020-internet-crime-report-including-covid-19-scam- statistics

Gao, L., Calderon, T. G., & Tang, F. (2020). Public companies’ cybersecurity risk disclosures. International Journal of Accounting Information Systems, 38, 100468. https://doi.org/10.1016/j.accinf.2020.100468

Gao, X., & Zhong, W. (2015). Information security investment for competitive firms with hacker behavior and security requirements. Annals of Operations Research, 235(1), 277–300. https://doi.org/10.1007/s10479-015-1925-2

Hillman, A. J., & Dalziel, T. (2003). Boards of directors and firm performance: Integrating agency and resource dependence perspectives. Academy of Management Review, 28(3), 383–396. https://doi.org/10.5465/AMR.2003.10196729

Jensen, M. C. (2005). Modern Industrial Revolution, Exit, and the Failure of Internal Control Systems. SSRN Electronic Journal, December 2000. https://doi.org/10.2139/ssrn.93988

Jensen, M. C., & Meckling, W. H. (1976). Theory of the Firm: Managerial Behavior, Agency Costs and Ownership Structure, 3 J. Fin. Econ. 305 (1976). Economic Analysis of the Law, H. MECKLING Copyright © 2003 by Blackwell Publishing Ltd, 162–176.

Kent Baker, H., Pandey, N., Kumar, S., & Haldar, A. (2020). A bibliometric analysis of board diversity: Current status, development, and future research directions. Journal of Business Research, 108(August 2019), 232–246. https://doi.org/10.1016/j.jbusres.2019.11.025

Kolsi. (2017). Journal of Accounting in Emerging Economies Article information : The Determinants of Corporate Voluntary Disclosure Policy : Evidence from Abu Dhabi Securities Exchange ( ADX ). Journal of Accounting in Emerging Economies, 7(2).

Krus, C. M. (2012). Who is listening? The SEC emphasizes importance of cybersecurity disclosure. Journal of Investment Compliance, 13(1), 30–32. https://doi.org/10.1108/15285811211216673

Kshetri, N. (2008). Chinese technology enterprises in developing countries: sources of strategic fit and institutional legitimacy. The Rapidly Transforming Chinese High-Technology Industry and Market, 181–200. https://doi.org/10.1016/b978-1-84334-464-3.50012-x

Li, H., No, W. G., & Wang, T. (2018). SEC’s cybersecurity disclosure guidance and disclosed cybersecurity risk factors. International Journal of Accounting Information Systems, 30(xxxx), 40–55. https://doi.org/10.1016/j.accinf.2018.06.003

Linsley, P. M., & Shrives, P. J. (2006). Risk reporting: A study of risk disclosures in the annual reports of UK companies. British Accounting Review, 38(4), 387–404. https://doi.org/10.1016/j.bar.2006.05.002

Loasby, B. J. (1979). Review Authors: Brian J . Loasby Review by : Brian J . Loasby Published by : Wiley on behalf of the Royal Economic Society Stable URL : http://www.jstor.org/stable/2231527 Accessed : 27-06-2016 01 : 38 UTC. The Economic Journal, 89(356), 969–970. http://www.jstor.org/stable/2231527

Lopes, P. T., & Rodrigues, L. L. (2007). Accounting for financial instruments: An analysis of the determinants of disclosure in the Portuguese stock exchange. International Journal of Accounting, 42(1), 25–56. https://doi.org/10.1016/j.intacc.2006.12.002

Matters, B. (2021). Ey-Cbm-Cybersecurity-Disclosures-2021. September, 1–10.

Mazumder, M. M. M., & Hossain, D. M. (2022). Voluntary cybersecurity disclosure in the banking industry of Bangladesh: does board composition matter? Journal of Accounting in Emerging Economies. https://doi.org/10.1108/JAEE-07-2021-0237

Mirchandani, B. (2018, September 4). Laughing all the way to the bank: Cybercriminals targeting U.S. Financial Institutions. Forbes. https://www.forbes.com/sites/bhaktimirchandani/2018/08/28/laughing-all- the-way-to-the-bank-cybercriminals-targeting-us-financial-institutions/

Mizan, N. S. M., & Ma, M. Y. (2019). CNDS-Cybersecurity : Issues and Challenges in ASEAN Countries International Journal of Advanced Trends in Computer Science and Engineering Available Online at http://www.warse.org/IJATCSE/static/pdf/file/ijatcse1781.42019.pdf CNDS- Cybersecurity : Issues a. October.

Nahar, S., Azim, M., & Jubb, C. A. (2016). Risk disclosure, cost of capital and bank performance. International Journal of Accounting and Information Management, 24(4), 476–494. https://doi.org/10.1108/IJAIM-02-2016-0016

Neri, L., Elshandidy, T., & Guo, Y. (2018). Determinants and impacts of risk disclosure quality: evidence from China. Journal of Applied Accounting Research, 19(4), 518–536. https://doi.org/10.1108/JAAR-07-2016-0066

Oliveira, J., Rodrigas, L. L., & Craig, R. (2011). Risk‐related disclosures by non‐finance companies Portuguese practices and disclosure. Managerial Auditing Journal, 26(9), 817–839. https://doi.org/10.1108/02686901111171466

PricewaterhouseCoopers. (n.d.-a). A C-suite united for a cyber-ready future. PwC. https://www.pwc.com/us/en/services/consulting/cybersecurity-risk- regulatory/library/global-digital-trust-insights.html

PricewaterhouseCoopers. (n.d.-b). PWC Pulse Survey: Managing Business Risks. PwC. https://www.pwc.com/us/en/library/pulse-survey/managing-business- risks.html

Prince, J. Ben, & Dwivedi, N. (2013). A third dimension to understanding voluntary disclosures. Journal of Business Strategy, 34(4), 48–54. https://doi.org/10.1108/JBS-11-2012-0063

Radu, C., & Smaili, N. (2022). Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure. Journal of Business Ethics, 177(2), 351–374. https://doi.org/10.1007/s10551-020-04717-9

Saggar, R., & Singh, B. (2017). Corporate governance and risk reporting: Indian evidence. Managerial Auditing Journal, 32(4–5), 378–405. https://doi.org/10.1108/MAJ-03-2016-1341

Siegel, B. (2022, January 24). Ransomware payments up 33% in Q1 2020. Coveware. https://www.coveware.com/blog/q1-2020-ransomware- marketplace-report

Srinidhi, B., Gul, F. A., & Tsui, J. (2011). Female directors and earnings quality. Contemporary Accounting Research, 28(5), 1610–1644. https://doi.org/10.1111/j.1911-3846.2011.01071.x

Syeliya Md Zaini, Grant Samkin, Umesh Sharma, H. D. (2010). Journal of Accounting in Emerging Economies. Journal of Applied Accounting Research, 11(1). https://doi.org/10.1108/jaar.2010.37511aaa.003

Tejedo-Romero, F., Rodrigues, L. L., & Craig, R. (2017). Women directors and disclosure of intellectual capital information. European Research on Management and Business Economics, 23(3), 123–131. https://doi.org/10.1016/j.iedeen.2017.06.003

Terjesen, S., Couto, E. B., & Francisco, P. M. (2016). Does the presence of independent and female directors impact firm performance? A multi-country study of board diversity. Journal of Management and Governance, 20(3), 447–483. https://doi.org/10.1007/s10997-014-9307-8

Terjesen, S., Sealy, R., & Singh, V. (2009). Women directors on corporate boards: A review and research agenda. Corporate Governance: An International Review, 17(3), 320–337. https://doi.org/10.1111/j.1467-8683.2009.00742.x

United Nations. (n.d.). Developing countries most vulnerable to cyberattacks – un UN news. United Nations. https://news.un.org/en/story/2011/12/397922

Veltrop, D. B., Molleman, E., Hooghiemstra, R., & van Ees, H. (2018). The Relationship Between Tenure and Outside Director Task Involvement: A Social Identity Perspective. Journal of Management, 44(2), 445–469. https://doi.org/10.1177/0149206315579510

Virtanen, A. (2012). Women on the boards of listed companies: Evidence from Finland. Journal of Management and Governance, 16(4), 571–593. https://doi.org/10.1007/s10997-010-9164-z 155. https://doi.org/10.30630/jam.v15i2.114