年報資安揭露語調對企業價值之影響：以台灣上市櫃公司為例

Abstract

我國金融監督管理委員會於 2021 年要求上市櫃公司應於年報針對資通安全管理進行資訊揭露，以強化企業資安管理，並有助於投資人進一步了解企業經營狀況，提升年報之溝通價值。本研究旨在應用文字探勘技術中的 Latent Dirichlet Allocation (LDA) 建立文件主題模型，並以情緒分析 (Sentiment Analysis) 剖析 2018 年至 2020 年台灣上市櫃公司的年報資安揭露內容，探討資安揭露語調對於企業價值的影響，以評估資安揭露是否具有資訊價值。 實證結果顯示，當年資安揭露語調與當年股東會年報發布後的企業價值並沒有呈現顯著關係。然而，本研究亦發現，台灣年報的資安揭露長度較揭露語調更能反映企業價值，當年資安揭露長度對當年股東會年報發布後的企業價值存在顯著負向影響。推論原因可能為揭露愈多資安訊息表示公司面臨的資安風險較高，後續發生資安事件的可能性也較高，因此揭露長度與企業價值呈現負向關係。

In 2021, Financial Supervisory Commission requires that all the companies listed at stock exchange market or over-the-counter market should disclose information on cyber security management in their annual reports, in order to strengthen corporate cyber security management, and help investors to better understand the company's operating conditions, enhancing the communicative value of the annual reports. This paper applies Latent Dirichlet Allocation (LDA), a text mining technique, to construct topic model, and to analyze the cyber security disclosure in annual reports of Taiwan's listed companies from 2018 to 2020 by using sentiment analysis. This paper also tries to explore the effect of cyber security disclosure tone on firm value to assess whether the cyber security disclosure has information value. The empirical results show that there is no significant association between the tone in cyber security disclosure and the firm value after the release of the annual report. However, this study finds that the length of cyber security disclosure can better reflect the firm value than the tone of disclosure, and the length of disclosure has significant negative effect on the firm value after the release of the annual report. In sum, the results may suggest that the more cyber security information is disclosed, the higher the cyber security risk faced by the company, and the higher the possibility of subsequent cyber security incidents, which cause a negative association between the length of cyber security disclosure and the firm value.