In the modern corporate landscape, cybersecurity has long been viewed as a necessary expense—a "grudge purchase" designed to prevent disaster. However, a groundbreaking study presented at the 59th Hawaii International Conference on System Sciences (HICSS) | 2026 provides the first empirical evidence that cybersecurity is actually a driver of financial success.
The paper, titled "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls," introduces a novel way to measure a company's true commitment to security: by analyzing the discourse between executives and stakeholders in corporate conference calls.
The researchers used text mining and natural language processing (NLP) to develop a "Cybersecurity Readiness" metric based on how frequently outsiders (analysts, journalists, and investors) discussed security with firm leadership.
Their findings were clear: High cybersecurity readiness today leads to superior financial performance tomorrow.
Increased readiness is statistically linked to moderate improvements in Return on Assets (ROA) and Earnings Before Interest and Taxes on Assets (EBITAT) in the following fiscal year.
For every additional mention of a cybersecurity-related keyword by outsiders in these calls, a firm's ROA tends to increase by 0.0013% the following year.
Firms that proactively prepare and engage in security discourse signal to the market that they have a robust risk management strategy. Investors value this readiness as a "forward-looking" indicator of management quality, which directly shapes a firm's market valuation.
Prepared firms are less likely to have to shift resources away from R&D and future growth to cover the short-term costs of a "firefighting" response.
Organizations that fail to sufficiently prepare face catastrophic financial and operational consequences that extend far beyond the server room.
-
There are market capitalization hits: Public firms experience an average loss of 7.5% in stock value and $5.4 billion in market capitalization immediately following a breach incident.
-
There is a supply chain ripple: The impact of a data breach is rarely contained; it can result in losses up to 26 times greater across the broader supply chain ecosystem.
-
There is a loss of competitiveness: Roughly 60% of breached firms eventually pass their recovery costs onto customers by increasing prices, which directly undermines their market position.
This report provides InfoSec leaders with the data-backed leverage needed to change the conversation in the boardroom. Some key takeaways:
-
Cybersecurity is a strategic driver: Stop framing security as a cost center. Use these findings to demonstrate that readiness is an investment in Return on Assets (ROA) and long-term firm success.
-
Executive commitment is quantifiable: Investors are listening to "the tone at the top." CISOs should work with the C-suite to ensure that security commitment is clearly articulated during earnings calls and stakeholder interactions.
-
Proactive disclosure wins: The study emphasizes that while many firms hide breaches to avoid embarrassment, proactive readiness and transparency lead to more favorable market judgments.
For years, CISOs have fought the "cost center" stigma. Metrics have been presented on patches applied, threats blocked, and compliance boxes checked—all while trying to justify a budget that the board often views as a "grudge purchase."
The research team, led by Thi Tran of Binghamton University, didn't just look at balance sheets or breach reports. They went straight to the source of investor sentiment: corporate conference calls.
By applying advanced text-mining algorithms to transcripts from top-tier U.S. public companies over a 23-year span (2000–2023), researchers developed a novel "Cybersecurity Readiness" metric. They looked for how executives discussed preparedness, strategic commitment, and risk management with analysts and shareholders.
"If a company has been affected by a cyberattack and ignores it or doesn't make it clear they're taking appropriate steps to deal with the problem, that will diminish customer trust and send a bad signal to shareholders, so the readiness and continuous investment are very important," said Tran, assistant professor in the School of Management, who co-authored the study. "We found that if the firms are more open about the situation and make it known they are attempting to do something about it, that will increase stakeholder trust and the firm will perform better."
