The Impact of the Board of Directors on the Cybersecurity Risks in the Iraqi Banking Sector
Mousa Nayyef Omairah Al-Yasari, Moufida Ben Saada
By analyzing the effects of the board features on cybersecurity risks, the study sought to quantify the Effect of the board of directors on banks listed on the Iraq Stock Exchange. The attributes of the audit committee (size, independence, and technological knowledge) and the board (member diversity, size, and independence) Served as representations of the governance systems. The researcher employed a descriptive-analytical methodology, which is suitable for this type of study, along with the research design and approach used, the study population, and the sample of the study comprising 21 banks listed on the Iraq Stock Exchange's regular market, with a sample size of 189 individuals. The researcher concluded that banks with larger boards, independence, gender diversity, and technological expertise tend to have lower levels of cybersecurity risk. Additionally, banks with audit committees that have many members, independence, and technological expertise also experience lower cybersecurity risks. Furthermore, banks with a Chief Information Officer (CIO), a Chief Cybersecurity Officer (CCO), and an IT risk management committee that includes technology experts in their senior and executive management tend to have lower levels of cybersecurity risk. Efficient and high-quality internal auditing also contributes to reducing cybersecurity risks for these banks. The researcher recommended that banks should strengthen their boards and audit committees with expertise and qualifications in information and communication technology. It was also suggested that banks conduct training sessions on cybersecurity specifically for board members and generally for bank employees. Additionally, it was advised that banks establish cybersecurity risk committees at the executive management level or board level, if possible.
Keywords:Governance, Cybersecurity risks, Board of directors, Audit committee, Internal audit
