{"title":"Information technology governance and cybersecurity at the board level","authors":"A. Sartawi","doi":"10.1504/ijcis.2020.10029173","DOIUrl":null,"url":null,"abstract":"Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.","PeriodicalId":44956,"journal":{"name":"International Journal of Critical Infrastructures","volume":"1 1","pages":""},"PeriodicalIF":0.5000,"publicationDate":"2020-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructures","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijcis.2020.10029173","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
引用次数: 20
Abstract
Security breaches are very costly in the USA, followed very closely by the Middle East. Shareholders and investors demand that their firms mitigate all kinds of risks, and it is the responsibility of the BOD to gain and maintain their confidence. In view of this scenario, MENA companies need to protect their data, while the BODs need to embed a culture of cybersecurity in the firm. The aim of this paper is to examine the relationship between information technology governance (ITG) and the level of cybersecurity by MENA listed firms. The study used a checklist to collect data from a sample of 94 firms listed in the financial stock markets of the MENA countries for the year ended 2018. The study found that there is a significant and direct relationship between ITG and the level of a firm's cybersecurity. This indicates the importance of appointing board members with IT knowledge and experience. This leads to better decisions taken by the BODs when faced with cyber-threats and challenges. In addition, IT expertise on the BODs can be important to understand what the Heads of IT are doing on the inside and, thus being knowledgeable enough to challenge their actions.
期刊介绍:
IJCIS is an inter-disciplinary and refereed journal that provides a professional and scholarly forum for cross-learning between different scientific and technological disciplines, and between business and economic, as well as between societal and managerial, disciplines in the area of critical infrastructures. Critical infrastructures are networks for the provision of telecommunication and information services, energy services, water supply, transportation of people and goods, banking and financial services, government services and emergency services. By addressing commonalities and interrelationships between the various sectors, IJCIS enables scientists, policy makers and professionals in the field to learn from experiences in other countries and in other infrastructure sectors.