网络安全风险治理与企业创新——基于大语言模型的识别与发现

摘要
参考文献
补充材料
相关文章
推荐阅读

下载:

PDF (852KB)
输出: BibTeX | EndNote (RIS)

摘要本文基于2007—2021年中国A股上市企业年报文本,运用大语言模型构建了衡量企业网络安全风险治理水平的指标,实证检验网络安全风险治理对企业创新的影响与内在机制。研究发现:(1)网络安全风险治理显著提高了企业创新产出,其关键机制在于数据利用效率提升、合作创新关系稳固和融资约束缓解;(2)该促进作用在地区网络环境较为复杂、数字技术依赖程度和国际化水平较高的企业中表现更显著,并推动企业更加重视网络安全领域的专利创造;(3)企业网络安全风险治理在供应链纵向关系中存在非对称溢出效应,对上游供应商开展网络安全创新具有正向促进作用,而对下游客户则产生反向抑制。本文研究结论表明,在数字经济时代,企业须着力提升网络安全风险治理能力,在保障网络安全的基础上实现高质量创新。

	服务
	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS
	（）
	作者相关文章
	杨鹏
	孙伟增
	田轩
	左祥太

关键词: 网络安全风险治理企业创新大语言模型供应链溢出效应

Summary: In the digital economy era, the deep penetration of data elements and rapid iteration of digital technologies have created unprecedented opportunities for corporate innovation, while simultaneously rendering cybersecurity risks a critical constraint on innovation. However, the academic literature has not reached a consensus on the impact of cybersecurity risks on firm innovation. From a risk-hedging perspective, Lattanzio and Ma (2023) argue that cybersecurity risks diminish the value of trade secrets and increase confidentiality costs, prompting firms to file more patents to protect intellectual property as a means of reducing reliance on trade secrets and hedging against data breach risks. Gomes et al. (2023) posit from a technological progress perspective that cybersecurity risks compel firms to prioritize internal cybersecurity defenses and increase research and development (R&D) expenditure in digital technologies. Conversely, He et al. (2020) find that firms experiencing cyberattacks tend to increase cash holdings as a precautionary measure against cybersecurity threats, resulting in reduced R&D investment. Wang et al. (2024) contend from an innovation cost perspective that cybersecurity risk prevention requires substantial capital investment to secure software, hardware, and network operations, thereby crowding out R&D funding.
Evidently, existing research provides insufficient guidance for corporate cybersecurity governance decisions. Regrettably, no studies have examined how cybersecurity risk governance affects firm innovation from a risk governance perspective. This paper argues that a primary source of the gap between theory and practice, and a key research challenge, lies in the inability of conventional text analysis methods to accurately capture corporate cybersecurity risk governance behavior. Listed firms typically disclose cybersecurity-related information in annual reports to signal their awareness of cybersecurity risks and corresponding governance measures to the market (Florackis et al., 2023). Consequently, scholars predominantly employ dictionary-based approaches, measuring cybersecurity risk exposure by the frequency of cybersecurity-related keywords in annual reports. However, keyword counts alone cannot determine whether firms have undertaken cybersecurity risk governance activities and may even lead to semantic misinterpretation. For instance, one listed firm's annual report states: “Although the overall security level of global cyberspace is improving, the global cybersecurity threat landscape remains severe, with data breaches, cyberattacks, critical vulnerabilities, and other cybersecurity incidents occurring frequently, seriously endangering internet users, corporate institutions, and even national security.” While this passage contains numerous cybersecurity-related terms such as “data breaches” and “cyberattacks,” semantic analysis reveals that the firm merely provides an objective description of global cybersecurity trends without addressing its own risk perception or governance actions.
To address this gap, this paper examines Chinese A-share listed companies from 2007 to 2021, employing large language models (LLMs) to construct a quantitative indicator of corporate cybersecurity risk governance and systematically investigate its impact on firm innovation. The findings reveal that cybersecurity risk governance significantly enhances innovation output, particularly promoting patent applications in cybersecurity technologies. Mechanism analysis demonstrates that cybersecurity risk governance influences innovation through three primary channels: First, improving data utilization efficiency, enabling firms to efficiently transform data assets into innovation outcomes while ensuring data security; Second, stabilizing collaborative innovation relationships by enhancing trust and cooperation with universities, research institutions, and business partners; Third, alleviating financing constraints by strengthening external investors' and creditors' confidence. Heterogeneity analysis indicates that this positive effect is more pronounced among firms operating in more complex digital environments, exhibiting higher technological dependence, and maintaining greater internationalization levels. Furthermore, from a supply chain perspective, this paper uncovers significant asymmetric spillover effects of corporate cybersecurity risk governance: upstream suppliers are incentivized to increase cybersecurity innovation investments, whereas downstream customers reduce their own innovation efforts by relying on core firms' security protections. This reveals the complex transmission mechanisms of cybersecurity governance in digital supply chains.
The main contributions of this paper are threefold. First, it proposes an LLM-based measurement method for corporate cybersecurity governance that effectively addresses semantic and expression ambiguity in Chinese texts, providing a novel technical approach for quantifying corporate risk governance behavior. Second, it elucidates the underlying mechanisms through which cybersecurity governance promotes firm innovation from a risk governance perspective, offering new evidence to resolve debates in the literature while providing clearer policy guidance. Third, it explores the vertical spillover effects of cybersecurity risks from a supply chain perspective, enriching the research framework on inter-firm network risk transmission and innovation interactions in the digital economy context.
Regarding policy implications, this paper argues that firms should regard cybersecurity governance as an integral component of innovation strategy rather than a mere cost burden. Governments should refine cybersecurity regulation and incentive mechanisms, encourage firms to strengthen cybersecurity risk governance, and construct collaborative security-innovation ecosystems. Future research may leverage cross-national data and incorporate institutional differences to further analyze the impact of cybersecurity risk governance on innovation.

Keywords: Cybersecurity Risk Governance Firm Innovation Large Language Models Supply Chain Spillover

JEL分类号:

C88

D81

O31

基金资助: *本文感谢国家自然科学基金项目(72425002、72274228)的资助。感谢匿名审稿人的宝贵意见,感谢北京师范大学曹思未副教授、中国人民大学陈远强教授、中国社会科学院数量经济与技术经济研究所郑世林研究员、香港科技大学陈泽宇助理研究员、深圳大学龚曼宁助理教授和中央财经大学左从江博士的建设性意见,文责自负。

通讯作者: 田轩,金融学博士,教授,清华大学五道口金融学院,E-mail:tianx@pbcsf. tsinghua.edu.cn.

作者简介: 杨鹏,经济学博士,特聘副教授,安徽财经大学经济学院/合肥高等研究院,E-mail:pengyoung@aufe.edu.cn.
孙伟增,工学博士,教授,南京审计大学联合研究院,E-mail:sunweizeng@gmail.com.
左祥太,博士研究生,厦门大学管理学院,E-mail: shutter＿z@outlook.com.

引用本文:

杨鹏, 孙伟增, 田轩, 左祥太. 网络安全风险治理与企业创新——基于大语言模型的识别与发现[J]. 金融研究, 2026, 547(1): 76-94.
YANG Peng, SUN Weizeng, TIAN Xuan, ZUO Xiangtai. Cybersecurity Risk Governance and Firm Innovation: Identification and Discovery based on Large Language Models. Journal of Financial Research, 2026, 547(1): 76-94.

链接本文:

http://www.jryj.org.cn/CN/ 或 http://www.jryj.org.cn/CN/Y2026/V547/I1/76

[1]	耿勇、向晓建和万攀兵,2024,《供应链信任衰退:网络安全风险与企业贸易信贷》,《中国工业经济》第5期,第135～154页。
[2]	顾雷雷、郭建鸾和王鸿宇,2020,《企业社会责任、融资约束与企业金融化》,《金融研究》第2期,第109～127页。
[3]	江小涓、宫建霞和李秋甫,2024,《数据、数据关系与数字时代的创新范式》,《中国社会科学》第9期,第185～203+208页。
[4]	金星晔、左从江、方明月、李涛和聂辉华,2024,《企业数字化转型的测度难题:基于大语言模型的新方法与新发现》,《经济研究》第3期,第34～53页。
[5]	龙小宁、刘灵子和张靖,2023,《企业合作研发模式对创新质量的影响——基于中国专利数据的实证研究》,《中国工业经济》第10期,第174～192页。
[6]	陆瑶、施函青和周欣怡,2025,《中国企业数字技术风险暴露对企业价值的影响——来自大语言模型的文本分析证据》,《经济研究》第2期,第73～89页。
[7]	田子方、左从江、李涛、赵宣凯,2025,《诚信文化与金融企业社会责任承担》,《金融研究》, 第9期,第152～169页。
[8]	万晓莉、叶芸绮和方芳,2025,《从抵押物到现金流:间接融资如何支持创新型企业？》,《金融研究》第3期,第58～75页。
[9]	王辉、何冬昕、陈旭和姜富伟,2024,《网络安全治理与股价崩盘风险——基于上市公司年报文本分析的证据》,《金融评论》第1期,第86～106页。
[10]	夏太彪、魏志华、曾爱民和卢沛,2024,《社会保险缴费负担与企业转型升级》,《经济研究》第1期,第168～187页。
[11]	Calvo, N., S. Fernández-López, M. J. Rodríguez-Gulías, and D. Rodeiro-Pazos, 2022, “The Effect of Population Size and Technological Collaboration on Firms' Innovation,” Technological Forecasting and Social Change, 183, 121905.
[12]	Celeny, D., L. Maréchal, E. Rousselot, and M. Humbert, 2024, “Prioritizing Investments in Cybersecurity: Empirical Evidence from an Event Study on the Determinants of Cyberattack Costs,” arXiv preprint arXiv:2402,04773.
[13]	Chen, J. and J. Roth, 2024, “Logs with Zeros？ Some Problems and Solutions,” The Quarterly Journal of Economics, 139(2), 891～936.
[14]	Chesbrough, H. W., 2003, Open Innovation: The New Imperative for Creating and Profiting from Technology, Harvard Business Press.
[15]	Cohn, J. B., Z. Liu, and M. I. Wardlaw, 2022, “Count (and Count-like) Data in Finance,” Journal of Financial Economics, 146(2), 529～551.
[16]	Crosignani, M., M. Macchiavelli, and A. F. Silva, 2023, “Pirates without Borders: The Propagation of Cyberattacks through Firms' Supply Chains,” Journal of Financial Economics, 147(2), 432～448.
[17]	Demek, K. C. and S. E. Kaplan, 2023, “Cybersecurity Breaches and Investors' Interest in the Firm as an Investment,” International Journal of Accounting Information Systems, 49, 100616.
[18]	Florackis, C., C. Louca, R. Michaely, and M. Weber, 2023, “Cybersecurity Risk,” The Review of Financial Studies, 36(1), 351～407.
[19]	Garg, P., 2020, “Cybersecurity Breaches and Cash Holdings: Spillover Effect,” Financial Management, 49(2), 503～519.
[20]	Gomes, O., R. Mihet, and K. Rishabh, 2023, “Data Risk, Firm Growth, and Innovation,” Swiss Finance Institute Research Paper, No. 23-86.
[21]	Harris, D., C. Kuzey, C. Naaman, and N. Sahyoun, 2023, “Cybersecurity Risk Disclosure Quality: Does It Affect the Cost of Debt？,” Journal of Forensic and Investigative Accounting, 15(2), 192～212.
[22]	He, C. Z., T. Frost, and R. E. Pinsker, 2020, “The Impact of Reported Cybersecurity Breaches on Firm Innovation,” Journal of Information Systems, 34(2), 187～209.
[23]	Hirshleifer, D., P. H. Hsu, and D. Li, 2013, “Innovative Efficiency and Stock Returns,” Journal of Financial Economics, 107(3), 632～654.
[24]	Jamilov, R., H. Rey, and A. Tahoun, 2021, “The Anatomy of Cyber Risk,” NBER Working Paper.
[25]	Jiang, H., N. Khanna, Q. Yang, and J. Zhou, 2024, “The Cyber Risk Premium,” Management Science, 70(12), 8791～8817.
[26]	Kamiya, S., J. K. Kang, J. Kim, et al., 2021, “Risk Management, Firm Reputation, and the Impact of Successful Cyberattacks on Target Firms,” Journal of Financial Economics, 139(3), 719～749.
[27]	Lattanzio, G. and Y. Ma, 2023, “Cybersecurity Risk and Corporate Innovation,” Journal of Corporate Finance, 82, 102445.
[28]	Mizrak, F., 2023, “Integrating Cybersecurity Risk Management into Strategic Management: A Comprehensive Literature Review,” Research Journal of Business and Management, 10(3), 98～108.
[29]	Rassier, D. G., R. J. Kornfeld, and E. H. Strassner, 2019, “Treatment of Data in National Accounts.” BEA Advisory Committee. Burau of Economic Analysis.
[30]	Korinek, A., 2023, “Generative AI for Economic Research: Use Cases and Implications for Economists,” Journal of Economic Literature, 61(4), 1281~1317.
[31]	Sheneman, A., 2017, “Cybersecurity Risk and the Cost of Debt,” SSRN Working Paper.
[32]	Tian, X. and T. Y. Wang, 2014, “Tolerance for Failure and Corporate Innovation,” The Review of Financial Studies, 27(1), 211～255.
[33]	Tosun, O. K., 2021, “Cyber-attacks and stock market activity.” International Review of Financial Analysis, 76, 101795.
[34]	Wang, J., C. Y. C. Ho, and Y. G. Shan, 2024, “Does Cybersecurity Risk Stifle Corporate Innovation Activities？,” International Review of Financial Analysis, 91, 103028.
[35]	Wu, L., L. Hitt, and B. Lou, 2020, “Data Analytics, Innovation, and Firm Productivity,” Management Science, 66(5), 2017～2034.

[1]

杨鹏

Download

[1]	田子方, 左从江, 李涛, 赵宣凯. 诚信文化与金融企业社会责任承担[J]. 金融研究, 2025, 543(9): 152-169.
[2]	潘玉坤, 杜茜茜, 龚强, 叶奎成. 供应链不确定性与中国企业创新——基于中美供应链微观企业数据的分析[J]. 金融研究, 2025, 542(8): 75-92.
[3]	刘阳, 肖淇泳, 韩立岩, 秦萍. 关键金属价格波动、绿色激励与新能源企业创新[J]. 金融研究, 2025, 540(6): 152-170.
[4]	兰天琪, 陈运森, 赵瑞瑞, 贾宁. 股东诉讼溢出与策略性信息披露[J]. 金融研究, 2025, 539(5): 188-206.
[5]	蔡庆丰, 陈熠辉, 严佳佳. “强省会”的创新外部性——基于省域知识交流与产业分工的研究视角[J]. 金融研究, 2025, 536(2): 132-149.
[6]	张美扬, 龙小宁. 专利丛林:科技创新中的绿荫还是荆棘?[J]. 金融研究, 2024, 527(5): 169-187.
[7]	蔡庆丰, 刘昊, 舒少文. 政府产业引导基金与域内企业创新:引导效应还是挤出效应？[J]. 金融研究, 2024, 525(3): 75-93.
[8]	魏浩, 封起扬帆. 进口竞争、创新风险与创新质量——基于单一企业和企业集团的再考察[J]. 金融研究, 2024, 533(11): 57-75.
[9]	许锐, 王艳艳, 于李胜. 专利质押贷款的创新激励效应[J]. 金融研究, 2024, 532(10): 58-75.
[10]	袁凯彬, 李万利, 张伟俊. 人民币参与国际结算能否激励出口企业创新？ ——基于跨境贸易人民币结算试点的研究[J]. 金融研究, 2023, 516(6): 94-112.
[11]	许年行, 王崇骏, 章纪超. 破产审判改革、债权人司法保护与企业创新 ——基于清算与破产审判庭设立的准自然实验[J]. 金融研究, 2023, 516(6): 150-168.
[12]	冀云阳, 周鑫, 张谦. 数字化转型与企业创新——基于研发投入和研发效率视角的分析[J]. 金融研究, 2023, 514(4): 111-129.
[13]	李倩, 程昱, 程新生. 产业链企业上市是否影响企业创新投资?[J]. 金融研究, 2023, 521(11): 153-169.
[14]	张杰, 郑姣姣. 公路基础设施如何重塑中国创新格局 ——基于地域异质性的微观证据[J]. 金融研究, 2023, 520(10): 66-84.
[15]	潘红波, 杨朝雅, 李丹玉. 如何激发民营企业创新——来自实际控制人财富集中度的视角[J]. 金融研究, 2022, 502(4): 114-132.

[1]	曾利飞, 辛子辰, 许志, 曹伟. 健全社会保障体系与居民生育率——基于长期护理保险视角[J]. 金融研究, 2025, 545(11): 58 -76 .
[2]	张成思, 田耕宇, 蒋仁智, 刘泽豪. 中国商业银行超额准备金持有的驱动机制研究[J]. 金融研究, 2026, 547(1): 1 -19 .
[3]	宋科, 李亭, 朱斯迪. 人民币清算行设立能推动跨境贸易人民币结算吗？——兼论CIPS的协同效应[J]. 金融研究, 2025, 546(12): 1 -19 .
[4]	刘冲, 张紫嫣, 李欣明, 程子帅. 商业银行利率风险的计量与管理——基于重定价缺口的研究[J]. 金融研究, 2026, 547(1): 20 -37 .
[5]	王博, 吴振伦, 罗荣华, 张晓玫. 金融监管与企业资本结构动态调整——来自资管新规的证据[J]. 金融研究, 2026, 547(1): 57 -75 .
[6]	徐臻阳, 龚六堂, 董丰, 许志伟. 股价波动与最优双支柱政策调控[J]. 金融研究, 2025, 544(10): 21 -39 .
[7]	余锦亮, 王文秀, 祁毓, 李雯清. 财政收入预期增长与地方政府征管行为——来自地级市的经验证据[J]. 金融研究, 2025, 545(11): 39 -57 .
[8]	王遥, 王瑾喆, 吴祯姝, 王文蔚. 绿色金融能否促进经济“脱虚向实”——基于绿色金融改革创新试验区的经验证据[J]. 金融研究, 2025, 546(12): 20 -38 .
[9]	冀云阳, 杨雨晨, 王秀磊. “新基建”融资与数字经济发展——来自专项债发行的证据[J]. 金融研究, 2026, 547(1): 95 -112 .
[10]	陈思翀, 魏筱, 余明桂. 非上市企业的绿色低碳技术创新价值——技术并购中的市场溢价与创新协同[J]. 金融研究, 2026, 547(1): 113 -131 .

Viewed

Full text

Abstract

Cited

Shared

Discussed