The impact of cybersecurity disclosure on banks’ performance: the moderating role of corporate governance in the MENA region

Abstract

This study aims to: (1) examine the impact of cybersecurity disclosure on banks’ performance and (2) explore whether the existence of a chief risk ofcer (CRO), an information technology (IT) committee, and a board of directors (BOD)’ size moderates the association between cybersecurity disclosure and bank performance. The study used manual textual analysis to measure cybersecurity disclosure in a sample of listed banks in the MENA region countries based on data from 2019 to 2021. The data were collected from annual reports and fnancial statements of banks available at Orbis Bank Focus database. The study employed a random efect regression model to test the hypotheses and discuss the results. The fndings show that banks in the MENA region are increasingly interested in disclosing cybersecurity information, where cybersecurity disclosure over the sample years is increasing from 17% in 2019 to 19.6% in 2021. In addition, the results show that cybersecurity disclosure has a positive and signifcant infuence on bank performance. Furthermore, the fndings indicate that the presence of a CRO moderates the relationship between cybersecurity disclosure and bank performance. These fndings show that depending largely on a bank’s CRO to handle complex and dynamic risks can have serious consequences for decision making processes connected to managing cybersecurity risk and disclosure. This paper creates a new research paradigm by focusing on the disclosure of cybersecurity information in the MENA banking sector, where exploring the moderating role of the CRO, IT committee, and board size in enhancing the cybersecurity disclosure-bank performance relationship is lacking. The fndings provide practical implications for various stakeholders, where it reveals the current practices of cybersecurity disclosure of banks in the MENA region with the objective of minimizing information asymmetry, maintaining public trust, and identifying potential risks of fnancial distress. In addition, the results direct the attention of banks and regulators toward the role of CRO in risk governance, particularly in managing cyber risks within the banking industry.