Purpose This study aims to examine how firm maturity shapes corporate cybersecurity risk. Drawing on corporate life cycle theory, it assesses whether older firms are more or less vulnerable to cyber threats and how financial and governance characteristics influence this relationship. Design/methodology/approach Cybersecurity risk is measured using a novel text-based metric developed by Florackis et al. (2023), which applies machine learning to annual report disclosures. Using a large panel of US firms, the analysis uses OLS regression with industry and year fixed effects. To enhance robustness, propensity score matching and entropy balancing are used. Interaction analyses further examine profitability, leverage, cash reserves, dividends and managerial ownership. Findings Older firms exhibit significantly lower cybersecurity risk, reflecting accumulated experience, stronger internal systems and more developed governance. This risk-reducing effect strengthens with profitability, cash reserves and dividend payouts but weakens with high leverage. Higher managerial ownership further enhances older firms’ ability to mitigate cyber risk by better aligning managerial and shareholder incentives. Reductions in cybersecurity risk attributable to firm age are also associated with higher firm value and stronger operating performance. Originality/value This study shifts focus from the consequences of cybersecurity risk to its determinants by integrating corporate life cycle theory into cybersecurity research. Using an advanced text-based risk measure, it highlights how maturity, financial structure and governance jointly shape firms’ cybersecurity resilience.
Chatjuthamard et al. (Tue,) studied this question.