Acquisti, A., Friedman, A., & Telang, R. (2006). Is there a cost to privacy breaches? An event study. ICIS 2006 Proceedings, 94.
Akey, P., Lewellen, S., Liskovich, I., & Schiller, C. (2021). Hacking corporate reputations. Rotman School of Management Working Paper, No. 3143740.
Altarawneh, M., Shafie, R., & Ishak, R. (2020). CEO characteristics: A literature review and future directions. Academy of Strategic Management Journal, 19(1).
Amir, E., Levi, S., & Livne, T. (2018). Do firms underreport information on cyber-attacks? Evidence from capital markets. Review of Accounting Studies, 23, 1177-1206.
Andreou, P. C., Philip, D., & Robejsek, P. (2016). Bank liquidity creation and risk-taking: Does managerial ability matter? Journal of Business Finance & Accounting, 43(1-2), 226-259.
Ashraf, M. (2021). Potentially unintended consequences of the SEC restricting managerial discretion: Evidence from peer data breaches and cyber risk factors. Available at SSRN 3807487.
Ashraf, M. (2022). The role of peer events in corporate governance: Evidence from data breaches. The Accounting Review, 97(2), 1-24.
Barker III, V. L., & Mueller, G. C. (2002). CEO characteristics and firm R&D spending. Management Science, 48(6), 782-801.
Bertrand, M., & Schoar, A. (2003). Managing with style: The effect of managers on firm policies. The Quarterly Journal of Economics, 118(4), 1169-1208.
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431-448.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 70- 104.
Chang, Y. Y., Dasgupta, S., & Hilary, G. (2010). CEO ability, pay, and firm performance. Management Science, 56(10), 1633-1652.
Chemmanur, T. J., & Paeglis, I. (2005). Management quality, certification, and initial public offerings. Journal of Financial Economics, 76(2), 331-368.
Chen, G., Huang, S., Meyer-Doyle, P., & Mindruta, D. (2021). Generalist versus specialist CEOs and acquisitions: Two-sided matching and the impact of CEO characteristics on firm outcomes. Strategic Management Journal, 42(6), 1184-1214.
Chen, J., Henry, E., & Jiang, X. (2023). Is cybersecurity risk factor disclosure informative? Evidence from disclosures following a data breach. Journal of Business Ethics, 187(1), 199-224.
Chen, S., Li, Z., Han, B., & Ma, H. (2021). Managerial ability, internal control and investment efficiency. Journal of Behavioral and Experimental Finance, 31, 100523.
Chen, Y., Podolski, E. J., & Veeraraghavan, M. (2015). Does managerial ability facilitate corporate innovative success?. Journal of empirical finance, 34, 313-326.
Chemmanur, T. J., Paeglis, I., & Simonyan, K. (2009). Management quality, financial and investment policies, and asymmetric information. Journal of Financial and Quantitative Analysis, 44(5), 1045-1079.
Cumming, D., Dannhauser, R., & Johan, S. (2015). Financial market misconduct and agency conflicts: A synthesis and future directions. Journal of Corporate Finance, 34, 150-168.
Custódio, C., & Metzger, D. (2014). Financial expert CEOs: CEO's work experience and firm's financial policies. Journal of Financial Economics, 114(1), 125-154.
Demerjian, P., Lev, B., & McVay, S. (2012). Quantifying managerial ability: A new measure and validity tests. Management Science, 58(7), 1229-1248.

Demerjian, P. R., Lev, B., Lewis, M. F., & McVay, S. E. (2013). Managerial ability and earnings quality. The Accounting Review, 88(2), 463-498.

Dyer, T., Lang, M., & Stice-Lawrence, L. (2017). The evolution of 10-K textual disclosure: Evidence from Latent Dirichlet Allocation. Journal of Accounting and Economics, 64(2-3), 221-245.

Ettredge, M. L., & Richardson, V. J. (2003). Information transfer among internet firms: The case of hacker attacks. Journal of Information Systems, 17(2), 71-82.

Gaganis, C., Galariotis, E., Pasiouras, F., & Tasiou, M. (2023). Managerial ability and corporate greenhouse gas emissions. Journal of Economic Behavior & Organization, 212, 438-453.

Gordon, L. A., Loeb, M. P., & Zhou, L. (2011). The impact of information security breaches: Has there been a downward shift in costs? Journal of Computer Security, 19(1), 33-56.
Gordon, L. A., Loeb, M. P., & Zhou, L. (2016). Investing in cybersecurity: Insights from the Gordon-Loeb model. Journal of Information Security, 7(02), 49.

Hambrick, D. C., & Mason, P. A. (1984). Upper echelons: The organization as a reflection of its top managers. Academy of Management Review, 9(2), 193-206.
Hermalin, B. E., & Weisbach, M. S. (2017). Assessing managerial ability: Implications for corporate governance. In The Handbook of the Economics of Corporate Governance (Vol. 1, pp. 93-176). North-Holland.

Hope, O. K., Hu, D., & Lu, H. (2016). The benefits of specific risk-factor disclosures. Review of Accounting Studies, 21, 1005-1045.
Huang, H. H., & Wang, C. (2021). Do banks price firms' data breaches? The Accounting Review, 96(3), 261-286.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85-105.
Jebran, K., & Chen, S. (2022). Corporate policies and outcomes during the COVID-19 crisis: Does managerial ability matter? Pacific-Basin Finance Journal, 73, 101743.
Jiraporn, P., Leelalai, V., & Tong, S. (2016). The effect of managerial ability on dividend policy: How do talented managers view dividend payouts? Applied Economics Letters, 23(12), 857-862.
Johnson, S. A., Ryan Jr, H. E., & Tian, Y. S. (2009). Managerial incentives and corporate fraud: The sources of incentives matter. Review of Finance, 13(1), 115-145.
Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69-91.
Karpoff, J. M., & Lott Jr, J. R. (1993). The reputational penalty firms bear from committing criminal fraud. The Journal of Law and Economics, 36(2), 757-802.
Kaspersky. (2021). IT Security Economics Report. Retrieved from [URL]

Köster, H., & Pelster, M. (2017). Financial penalties and bank performance. Journal of Banking & Finance, 79, 57-73.

Lending, C., Minnick, K., & Schorno, P. J. (2018). Corporate governance, social responsibility, and data breaches. Financial Review, 53(2), 413-455.

Li, H., Yoo, S., & Kettinger, W. J. (2021). The roles of IT strategies and security investments in reducing organizational security breaches. Journal of Management Information Systems, 38(1), 222-245.

Li, W. W., Leung, C. M., & Yue, W. T. (2023). Where is IT in information security? The interrelationship among IT investment, security awareness, and data breaches. MIS Quarterly, 47(1).

Mishra, C. S. (2023). Managerial ability and strategic orientation. Review of Managerial Science, 17(4), 1333-1363.

Pan, Q., & Li, X. (2016). Managers' ability institutional investors and over-investment of enterprise. Modern Management Science, (03), 106-108. (in Chinese)

Ponemon Institute (2014). Cost of Data Breach Study: Global Analysis. Ponemon Institute Research Report.

Ponemon Institute (2017). Cost of Data Breach Study: Global Overview. Ponemon Institute Research Report.
Rothrock, R. A., Kaplan, J., & Van Der Oord, F. (2018). The board's role in managing cybersecurity risks. MIT Sloan Management Review, 59(2), 12-15.
Shevchenko, P. V., Jang, J., Malavasi, M., Peters, G. W., Sofronov, G., & Trück, S. (2023). The nature of losses from cyber-related events: Risk categories and business sectors. Journal of Cybersecurity, 9(1), tyac016.
Skinner, D. J. (1994). Why firms voluntarily disclose bad news. Journal of Accounting Research, 32(1), 38-60.
Skinner, D. J. (1997). Earnings disclosures and stockholder lawsuits. Journal of Accounting and Economics, 23(3), 249-282.
So, E. C., & Wang, S. (2014). News-driven return reversals: Liquidity provision ahead of earnings announcements. Journal of Financial Economics, 114(1), 20-35.
Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC). (2022).
Tetlock, P. C., Saar-Tsechansky, M., & Macskassy, S. (2008). More than words: Quantifying language to measure firms' fundamentals. The Journal of Finance, 63(3), 1437-1467.
Tosun, O. K. (2021). Cyber-attacks and stock market activity. International Review of Financial Analysis, 76, 101795.

Wang, P., D'Cruze, H., & Wood, D. (2019). Economic costs and impacts of business data breaches. Issues in Information Systems, 20(2), 162-171.

Yayla, A. A., & Hu, Q. (2011). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology, 26(1), 60-77.

Yung, K., & Chen, C. (2018). Managerial ability and firm risk-taking behavior. Review of Quantitative Finance and Accounting, 51, 1005-1032.

Zaman, R., Atawnah, N., Baghdadi, G. A., & Liu, J. (2021). Fiduciary duty or loyalty? Evidence from co-opted boards and corporate misconduct. Journal of Corporate Finance, 70, 102066.

Zaman, R., Atawnah, N., Nadeem, M., Bahadar, S., & Shakri, I. H. (2022). Do liquid assets lure managers? Evidence from corporate misconduct. Journal of Business Finance & Accounting, 49(7-8), 1425-1453.