Disclosures on Cybersecurity, Cyber Risks, and Information Security in Non-Financial Reports of Polish Companies
Purpose: The aim of the article is to identify and assess the scope of disclosures on cybersecurity, cyber risks, and cyber threats in the non-financial reports of selected companies listed on the Warsaw Stock Exchange. The subject of the study included the non-financial reports of five selected companies operating in sectors designated as operators of essential services under the Act on the National Cybersecurity System (2018), prepared for the year 2023. Design/methodology/approach: The study employed a method of literature review, and the content analysis of selected non-financial reports in terms of disclosures related to cybersecurity, cyber risks, and cyber threats of companies. Findings: The findings of the study revealed that disclosures related to cyber risks and cybersecurity in the examined companies are relatively limited. Practical Implications: The results of the study complement the research gap of current literature on the non-financial reporting by presenting the examples of Polish non-financial reports. Originality/Value: The research presented in the article contributes to the current literature on non-financial reporting by identifying gaps related to reporting on measures taken to mitigate the risks associated with cyber threats, and is aimed at presenting a critical interpretative perspective.