Information Technology Governance: The Role of Board of Directors in Cybersecurity Oversight

摘要

The MENA region is a target for many cyber-attacks, as they are consumers of technology instead of being innovators. MENA companies need to protect their data, and the BOD need to embed a culture of information security in the company starting from the top managers to the lower ranked employees. This makes cybersecurity a subset of a BOD's responsibilities. The aim of this paper is to measure the level of cybersecurity disclosure and governance in the MENA region and examine the relationship between cybersecurity governance and the level of companies' cybersecurity. The study used a checklist to collect data from a sample of 57 firms listed in the financial stock markets of the MENA countries for the year 2018. The study concludes that there is a significant and direct relationship between IT governance and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience which leads to better decision-making when faced with cyber-threats and challenges.