This paper examines how governance and risk management affect risk-taking in banks. It distinguishes between good risks, which are risks that have an ex ante private reward for the bank on a stand-alone basis, and bad risks, which do not have such a reward. A well-governed bank takes the amount...

We develop a model where a firm has an optimal exposure to cyber risk. With rational, fully informed agents and with no hysteresis, a successful cyberattack should have no impact on a financially unconstrained target's reputation and post-attack policies. In contrast, when a successful attack...

This paper examines how governance and risk management affect risk-taking in banks. It distinguishes between good risks, which are risks that have an ex ante private reward for the bank on a stand-alone basis, and bad risks, which do not have such a reward. A well-governed bank takes the amount...

We examine which firms are targets of cyberattacks and how they are affected. We find that cyberattacks cause firms to reassess the risks that they are exposed to and their consequences, so that they have real effects on firm policies even when targets are not financially constrained....