IDEAS home Printed from https://ideas.repec.org/a/spr/futbus/v10y2024i1d10.1186_s43093-024-00402-9.html
   My bibliography  Save this article

The impact of cybersecurity disclosure on banks’ performance: the moderating role of corporate governance in the MENA region

Author

Listed:
  • Dalia Hussein Elsayed

    (October University for Modern Sciences and Arts (MSA))

  • Tariq H. Ismail

    (Cairo University
    International Academy for Engineering and Media Science)

  • Eman Adel Ahmed

    (October University for Modern Sciences and Arts (MSA))

Abstract

This study aims to: (1) examine the impact of cybersecurity disclosure on banks’ performance and (2) explore whether the existence of a chief risk officer (CRO), an information technology (IT) committee, and a board of directors (BOD)’ size moderates the association between cybersecurity disclosure and bank performance. The study used manual textual analysis to measure cybersecurity disclosure in a sample of listed banks in the MENA region countries based on data from 2019 to 2021. The data were collected from annual reports and financial statements of banks available at Orbis Bank Focus database. The study employed a random effect regression model to test the hypotheses and discuss the results. The findings show that banks in the MENA region are increasingly interested in disclosing cybersecurity information, where cybersecurity disclosure over the sample years is increasing from 17% in 2019 to 19.6% in 2021. In addition, the results show that cybersecurity disclosure has a positive and significant influence on bank performance. Furthermore, the findings indicate that the presence of a CRO moderates the relationship between cybersecurity disclosure and bank performance. These findings show that depending largely on a bank's CRO to handle complex and dynamic risks can have serious consequences for decision making processes connected to managing cybersecurity risk and disclosure. This paper creates a new research paradigm by focusing on the disclosure of cybersecurity information in the MENA banking sector, where exploring the moderating role of the CRO, IT committee, and board size in enhancing the cybersecurity disclosure-bank performance relationship is lacking. The findings provide practical implications for various stakeholders, where it reveals the current practices of cybersecurity disclosure of banks in the MENA region with the objective of minimizing information asymmetry, maintaining public trust, and identifying potential risks of financial distress. In addition, the results direct the attention of banks and regulators toward the role of CRO in risk governance, particularly in managing cyber risks within the banking industry.

Suggested Citation

  • Dalia Hussein Elsayed & Tariq H. Ismail & Eman Adel Ahmed, 2024. "The impact of cybersecurity disclosure on banks’ performance: the moderating role of corporate governance in the MENA region," Future Business Journal, Springer, vol. 10(1), pages 1-15, December.
    • Handle: RePEc:spr:futbus:v:10:y:2024:i:1:d:10.1186_s43093-024-00402-9
    DOI: 10.1186/s43093-024-00402-9
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1186/s43093-024-00402-9
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1186/s43093-024-00402-9?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Miroslav Mateev & Ahmad Sahyouni & Muhammad Usman Tariq, 2023. "Bank regulation, ownership and risk taking behavior in the MENA region: policy implications for banks in emerging economies," Review of Managerial Science, Springer, vol. 17(1), pages 287-338, January.
    2. repec:eme:jfrcpp:jfrc-04-2021-0037 is not listed on IDEAS
    3. Sitara Karim & Muhammad Abubakr Naeem & Nawazish Mirza & Jessica Paule-Vianez, 2022. "Quantifying the hedge and safe-haven properties of bond markets for cryptocurrency indices," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 23(2), pages 191-205, January.
    4. Donald Pagach & Richard Warr, 2011. "The Characteristics of Firms That Hire Chief Risk Officers," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 78(1), pages 185-211, March.
    5. Nadine Gatzert & Madeline Schubert, 2022. "Cyber risk management in the US banking and insurance industry: A textual and empirical analysis of determinants and value," Journal of Risk & Insurance, The American Risk and Insurance Association, vol. 89(3), pages 725-763, September.
    6. André P. Liebenberg & Robert E. Hoyt, 2003. "The Determinants of Enterprise Risk Management: Evidence From the Appointment of Chief Risk Officers," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 6(1), pages 37-52, February.
    7. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    8. Nadia Smaili & Camélia Radu & Amir Khalili, 2023. "Board effectiveness and cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 27(4), pages 1049-1071, December.
    9. Renée B. Adams & Heitor Almeida & Daniel Ferreira, 2005. "Powerful CEOs and Their Impact on Corporate Performance," The Review of Financial Studies, Society for Financial Studies, vol. 18(4), pages 1403-1432.
    10. Shamsun Nahar & Mosammet Asma Jahan, 2021. "Do Risk Disclosures Matter for Bank Performance? A Moderating Effect of Risk Committee," Accounting in Europe, Taylor & Francis Journals, vol. 18(3), pages 378-406, September.
    11. Olayinka Adedayo Erin & Adebola Daniel Kolawole & Abdurafiu Olaiya Noah, 2020. "Risk governance and cybercrime: the hierarchical regression approach," Future Business Journal, Springer, vol. 6(1), pages 1-15, December.
    12. Hany Elzahar & Khaled Hussainey, 2012. "Determinants of narrative risk disclosures in UK interim reports," Journal of Risk Finance, Emerald Group Publishing Limited, vol. 13(2), pages 133-147, February.
    13. Marta Meisner, 2017. "Financial Consequences Of Cyber Attacks Leading To Data Breaches In Healthcare Sector," Copernican Journal of Finance & Accounting, Uniwersytet Mikolaja Kopernika, vol. 6(3), pages 63-73.
    14. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    15. Beasley, Mark S. & Clune, Richard & Hermanson, Dana R., 2005. "Enterprise risk management: An empirical analysis of factors associated with the extent of implementation," Journal of Accounting and Public Policy, Elsevier, vol. 24(6), pages 521-531.
    16. Samaha, Khaled & Khlif, Hichem & Hussainey, Khaled, 2015. "The impact of board and audit committee characteristics on voluntary disclosure: A meta-analysis," Journal of International Accounting, Auditing and Taxation, Elsevier, vol. 24(C), pages 13-28.
    17. Healy, Paul M. & Palepu, Krishna G., 2001. "Information asymmetry, corporate disclosure, and the capital markets: A review of the empirical disclosure literature," Journal of Accounting and Economics, Elsevier, vol. 31(1-3), pages 405-440, September.
    18. Claire Lending & Kristina Minnick & Patrick J. Schorno, 2018. "Corporate Governance, Social Responsibility, and Data Breaches," The Financial Review, Eastern Finance Association, vol. 53(2), pages 413-455, May.
    19. Ursel Baumann & Erlend Nier, 2004. "Disclosure, volatility, and transparency: and empirical investigation into the value of bank disclosure," Economic Policy Review, Federal Reserve Bank of New York, issue Sep, pages 31-45.
    20. Mohammed Adel Elzahaby, 2023. "Corporate narrative disclosure practices in the Middle East and North Africa (MENA) region: a systematic literature review," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 20(3), pages 296-315, September.
    21. Tawei Wang & Karthik N. Kannan & Jackie Rees Ulmer, 2013. "The Association Between the Disclosure and the Realization of Information Security Risk Factors," Information Systems Research, INFORMS, vol. 24(2), pages 201-218, June.
    22. Hichem Khlif & Khaled Hussainey, 2016. "The association between risk disclosure and firm characteristics: a meta-analysis," Journal of Risk Research, Taylor & Francis Journals, vol. 19(2), pages 181-211, February.
    23. Camélia Radu & Nadia Smaili, 2022. "Correction to: Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 375-375, May.
    24. Rafik Harkati & Syed Musa Alhabshi & Salina Kassim, 2020. "Does capital adequacy ratio influence risk-taking behaviour of conventional and Islamic banks differently? Empirical evidence from dual banking system of Malaysia," Journal of Islamic Accounting and Business Research, Emerald Group Publishing Limited, vol. 11(10), pages 1989-2015, August.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. José Ruiz-Canela López, 2021. "How Can Enterprise Risk Management Help in Evaluating the Operational Risks for a Telecommunications Company?," JRFM, MDPI, vol. 14(3), pages 1-26, March.
    2. Elisabetta Mafrolla & Felice Matozza, 2014. "Risk management and firm size: a survey of Italian private companies," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2014(3), pages 87-108.
    3. Rita Lamboglia & Francesco Paolone & Daniela Mancini, 2019. "Determinants of the implementation of environmental risk indicators: Empirical evidence from the Italian manufacturing context," Corporate Social Responsibility and Environmental Management, John Wiley & Sons, vol. 26(2), pages 307-316, March.
    4. Heidinger, Dinah & Gatzert, Nadine, 2018. "Awareness, determinants and value of reputation risk management: Empirical evidence from the banking and insurance industry," Journal of Banking & Finance, Elsevier, vol. 91(C), pages 106-118.
    5. Nadia Smaili & Camélia Radu & Amir Khalili, 2023. "Board effectiveness and cybersecurity disclosure," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 27(4), pages 1049-1071, December.
    6. Ivana Dvorski Lacković & Nataša Kurnoga & Danijela Miloš Sprčić, 2022. "Three-factor model of Enterprise Risk Management implementation: exploratory study of non-financial companies," Risk Management, Palgrave Macmillan, vol. 24(2), pages 101-122, June.
    7. Milos Sprcic, Danijela & Pecina, Ena & Orsag, Silvije, 2017. "Enterprise Risk Management Practices In Listed Croatian Companies," UTMS Journal of Economics, University of Tourism and Management, Skopje, Macedonia, vol. 8(3), pages 219-230.
    8. Zhu, Delong & Li, Zhe & Mishra, Arunodaya Raj, 2023. "Evaluation of the critical success factors of dynamic enterprise risk management in manufacturing SMEs using an integrated fuzzy decision-making model," Technological Forecasting and Social Change, Elsevier, vol. 186(PA).
    9. Alessandra Allini & Raffaela Casciello & Marco Maffei & Martina Prisco, 2022. "The national culture as a determinant of ERM quality: Empirical evidence in the European banking context," MANAGEMENT CONTROL, FrancoAngeli Editore, vol. 2022(1), pages 79-102.
    10. Naciye Sekerci & Don Pagach, 2020. "Firm Ownership and Enterprise Risk Management Implementation: Evidence from the Nordic Region," JRFM, MDPI, vol. 13(9), pages 1-21, September.
    11. Olayinka Adedayo Erin & Adebola Daniel Kolawole & Abdurafiu Olaiya Noah, 2020. "Risk governance and cybercrime: the hierarchical regression approach," Future Business Journal, Springer, vol. 6(1), pages 1-15, December.
    12. Therese R. Viscelli & Mark S. Beasley & Dana R. Hermanson, 2016. "Research Insights About Risk Governance," SAGE Open, , vol. 6(4), pages 21582440166, November.
    13. Rami Shaheen & Mehmet Ağa & Husam Rjoub & Ahmad Abualrub, 2020. "Investigation of the Pillars of Sustainability Risk Management as an Extension of Enterprise Risk Management on Palestinian Insurance Firms’ Profitability," Sustainability, MDPI, vol. 12(11), pages 1-20, June.
    14. Mónica Hernández-Madrigal & Cristina Aibar-Guzmán & Beatriz Aibar-Guzmán & Élfego Ramírez-Flores, 2020. "Are external pressures always behind ERM implementation? Evidence from Spanish listed firms," International Journal of Disclosure and Governance, Palgrave Macmillan, vol. 17(2), pages 86-100, September.
    15. Danijela Miloš Sprčić & Marina Mešin Žagar & Željko Šević & Mojca Marc, 2016. "Does enterprise risk management influence market value – A long-term perspective," Risk Management, Palgrave Macmillan, vol. 18(2), pages 65-88, August.
    16. Ishaya John Dabari & Siti Zabedah Saidin, 2015. "Determinants Influencing the Implementation of Enterprise Risk Management in the Nigerian Banking Sector," International Journal of Asian Social Science, Asian Economic and Social Society, vol. 5(12), pages 740-754, December.
    17. Nadine Gatzert & Michael Martin, 2015. "Determinants and Value of Enterprise Risk Management: Empirical Evidence From the Literature," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 18(1), pages 29-53, March.
    18. Kingsley Alawattegama, 2017. "The Impact of Enterprise Risk Management on Firm Performance: Evidence from Sri Lankan Banking and Finance Industry," International Journal of Business and Management, Canadian Center of Science and Education, vol. 13(1), pages 225-225, December.
    19. Simona Alfiero & Massimo Cane & Ruggiero Doronzo & Alfredo Esposito, 2018. "Determining characteristics of boards adopting Integrated Reporting," FINANCIAL REPORTING, FrancoAngeli Editore, vol. 2018(2), pages 37-71.
    20. Walid Ben-Amar & Ameur Boujenoui & Daniel Zeghal, 2014. "The Relationship between Corporate Strategy and Enterprise Risk Management: Evidence from Canada," Journal of Management and Strategy, Journal of Management and Strategy, Sciedu Press, vol. 5(1), pages 1-17, February.

    More about this item

    Keywords

    Cyberattacks; Cybersecurity disclosure; Chief risk officer; Information technology committee; Bank performance; MENA region;
    All these keywords.

    JEL classification:

    • G30 - Financial Economics - - Corporate Finance and Governance - - - General
    • L20 - Industrial Organization - - Firm Objectives, Organization, and Behavior - - - General
    • M14 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Business Administration - - - Corporate Culture; Diversity; Social Responsibility
    • N20 - Economic History - - Financial Markets and Institutions - - - General, International, or Comparative

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:futbus:v:10:y:2024:i:1:d:10.1186_s43093-024-00402-9. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.