Do Auditors Consider Cybersecurity Insurance in Pricing Audits?

Prior research has shown that security breaches are associated with an increase in auditor fees (Smith, Higgs, and Pinsker, 2019). Auditors serve an important role in external governance with respect to a firm’s overall risk management protocol. Cybersecurity insurance provides financial protection against unexpected security breaches, helping businesses manage risk that could otherwise lead to significant financial hardship. Our study examines the role cybersecurity insurance plays in mitigating the breach risk audit fee premium. Using a sample of firms from 2008-2018, we explore how auditors view audit risk related to breach risk and whether cybersecurity insurance mitigates this risk premium. Our evidence suggests that the purchase of cyber insurance results in higher audit fees, but that coupling cyber risk oversight within the audit committee with the acquisition of cyber insurance reduces auditors’ perceptions of risk in post breach periods. These results should provide guidance to firms and regulators as they seek to address and mitigate the business risks associated with information technology.