European firms facing digital transformation increasingly rely on digital capital (DC) within intellectual capital (IC) as a strategic resource for innovation and for aligning business models with sustainability goals. Because digital human, digital structural, and digital relational capital are only partially represented in financial statements, DC disclosure has gained prominence within non-financial reporting as stakeholders demand greater transparency on the digital intangible drivers of value creation. DC is essential for enabling digital transformation, creating and leveraging knowledge but, at the same time, particularly vulnerable to cyber threats as it exposes firms to unprecedented cybersecurity risks. Recent attacks highlight how the governance and disclosure of DC are becoming increasingly relevant for investors, regulators, and society. Prior research focused on the economic determinants and consequences of cybersecurity risk disclosure, while empirical evidence shows that managers have incentives to withhold cyber-attacks or engage in earnings management to hide breaches. However, extant literature has neglected the connection of cybersecurity disclosure with the firm specific level of cyber risk. Our paper makes a distinctive contribution to the literature by investigating whether the disclosure of DC within sustainability reporting relates to firms’ exposure to cyber risk, providing a renewed perspective of corporate disclosure, as far as digital elements of IC are concerned. Building on the economic perspectives of agency theory, proprietary cost theory and the emerging literature on cybersecurity disclosure, this study rely on hand-collected data and panel methods on a sample of European listed companies from 2022 to 2024 and on self-constructed DC Disclosure Index (DCDI) and Cyber Risk Exposure Index (CREI) to explore the interplay between transparency and vulnerability in the digital domain. Our findings reveal a cybersecurity disclosure paradox: firms exposed to higher cyber risk tend to disclose less DC, suggesting the emergence of a protective opacity consistent with proprietary cost logic and strategic secrecy rather than legitimacy-driven transparency. While companies increasingly communicate digital relational and structural capital as part of their sustainability narratives, they appear hesitant to disclose sensitive digital capabilities when cyber threats intensify. The study contributes to the literature by reframing IC disclosure in light of cybersecurity challenges and by showing that DC operates under a different disclosure logic than traditional forms of IC. It also provides timely insights for regulators and practitioners as the CSRD introduces stricter reporting obligations on digitalisation, risk governance, and intangibles.
Digital Capital and Risk Exposure. The Cybersecurity Disclosure Paradox / Catuogno, S., Solimene, S.. - (2026). (XLI Convegno Nazionale AIDEA “Intelligenze Aziendali per la competitività sostenibile e il bene comune” Università Cattolica del Sacro Cuore di Milano 22 e 23 gennaio 2026).
Digital Capital and Risk Exposure. The Cybersecurity Disclosure Paradox
Simon Catuogno
;
2026
Abstract
European firms facing digital transformation increasingly rely on digital capital (DC) within intellectual capital (IC) as a strategic resource for innovation and for aligning business models with sustainability goals. Because digital human, digital structural, and digital relational capital are only partially represented in financial statements, DC disclosure has gained prominence within non-financial reporting as stakeholders demand greater transparency on the digital intangible drivers of value creation. DC is essential for enabling digital transformation, creating and leveraging knowledge but, at the same time, particularly vulnerable to cyber threats as it exposes firms to unprecedented cybersecurity risks. Recent attacks highlight how the governance and disclosure of DC are becoming increasingly relevant for investors, regulators, and society. Prior research focused on the economic determinants and consequences of cybersecurity risk disclosure, while empirical evidence shows that managers have incentives to withhold cyber-attacks or engage in earnings management to hide breaches. However, extant literature has neglected the connection of cybersecurity disclosure with the firm specific level of cyber risk. Our paper makes a distinctive contribution to the literature by investigating whether the disclosure of DC within sustainability reporting relates to firms’ exposure to cyber risk, providing a renewed perspective of corporate disclosure, as far as digital elements of IC are concerned. Building on the economic perspectives of agency theory, proprietary cost theory and the emerging literature on cybersecurity disclosure, this study rely on hand-collected data and panel methods on a sample of European listed companies from 2022 to 2024 and on self-constructed DC Disclosure Index (DCDI) and Cyber Risk Exposure Index (CREI) to explore the interplay between transparency and vulnerability in the digital domain. Our findings reveal a cybersecurity disclosure paradox: firms exposed to higher cyber risk tend to disclose less DC, suggesting the emergence of a protective opacity consistent with proprietary cost logic and strategic secrecy rather than legitimacy-driven transparency. While companies increasingly communicate digital relational and structural capital as part of their sustainability narratives, they appear hesitant to disclose sensitive digital capabilities when cyber threats intensify. The study contributes to the literature by reframing IC disclosure in light of cybersecurity challenges and by showing that DC operates under a different disclosure logic than traditional forms of IC. It also provides timely insights for regulators and practitioners as the CSRD introduces stricter reporting obligations on digitalisation, risk governance, and intangibles.| File | Dimensione | Formato | |
|---|---|---|---|
|
Aidea2026_Catuogno_Solimene.pdf
solo utenti autorizzati
Descrizione: Presentation AIDEA 2026
Tipologia:
Versione Editoriale (PDF)
Licenza:
Accesso privato/ristretto
Dimensione
168.49 kB
Formato
Adobe PDF
|
168.49 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
