Title: Information technology governance and cybersecurity at the board level

Authors: Abdalmuttaleb M.A. Musleh Al-Sartawi

Addresses: Department of Accounting and Economics, College of Business and Finance, Ahlia University, P.O. Box 10878, Kingdom of Bahrain

Abstract: Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.

Keywords: cyber risk; cybersecurity; information technology governance; ITG; board of directors; MENA countries.

DOI: 10.1504/IJCIS.2020.10029173

International Journal of Critical Infrastructures, 2020 Vol.16 No.2, pp.150 - 161

Received: 26 Feb 2019
Accepted: 24 Jun 2019

Published online: 11 May 2020 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article