Cybersecurity Risk Disclosure and Market Valuation of Listed Companies in Nigeria

This study examines the relationship between cybersecurity risk disclosure (CRD) and the market valuation of listed companies on the Nigerian Exchange Group (NGX) for the period 2015–2024. Using a panel dataset of 151 listed firms over ten years, yielding 1,510 firm-year observations, the study employs pooled ordinary least squares (OLS), fixed effects (FE), random effects (RE), and System Generalised Method of Moments (GMM) estimation techniques. Market valuation is proxied by Tobin's Q, while cybersecurity risk disclosure is measured through a content analysis-based index derived from annual report narratives. Control variables include firm size (FS), industry type (INDT), firm age (FA), board size (BS), R p < 0.01), suggesting that transparent cyber-risk reporting enhances investor confidence and reduces information asymmetry. Firm size, industry type, R&D expenditure, board size, and ownership structure are significant positive determinants of market valuation, while firm age exhibits no significant effect. Results are robust to endogeneity correction via System GMM and to post-estimation diagnostics, including the Hausman test, Arellano-Bond AR(2) test, and Hansen J overidentification test. The study contributes to the nascent but growing literature on cybersecurity disclosure in sub-Saharan African capital markets and offers actionable policy implications for listed firms, regulators, and institutional investors in Nigeria.