Cyber Security disclosure in the banking sector: A case of South Africa and China

Abstract

This study compares risk reporting, specifically cyber risk reporting, between South Africanand Chinesebanks.Major corporate scandals had significant impacts on the economic environmentand has led to an increased interest in risk reporting.The population is all the listed financial service providers (banks) in South Africa and China. By purposeful sampling the four biggest banks in each country were selected based on their asset value. The research method utilised is content analysis. A disclosure index is developed from the literature study andused to analyse the results. It is concluded that the disclosure practices on cyber risks of the banks differ substantively between the two countries.China does not explicitly refer to cyber risk but only discloses it as an operational risk in its annual reports. No ranking is associated with any of their risks or categories. This is in contrast when compared to the South African annual reports as South African banks clearly define cyber risk andrank it amongst their top risks.