我要吃瓜

Article

The Role of CEO Power and Audit Committees in Cybersecurity Risk Management

Details

Citation

Al-Shaer H, Albitar K, Derouiche I & Hussainey K (2025) The Role of CEO Power and Audit Committees in Cybersecurity Risk Management. The International Journal of Accounting.

Abstract
The research problem Considering cybersecurity as a strategic ethical decision rather than a technical concern, the study explores how CEO power and audit committees (ACs) impact cybersecurity risk management (CRM) and what role other CEO attributes play in shaping this nexus. Previous research has provided limited insight into the possible factors influencing CRM. This study addresses this research gap. Motivation or theoretical reasoning We are motivated by the lack of empirical evidence on the role of CEO power and ACs in CRM. The study uses stewardship and resource dependence theories to explain how CEO power and ACs influence CRM. The test hypotheses H1: CEO power is positively associated with CRM. H2: AC characteristics are positively associated with CRM. Target population The study is based on a sample of non-financial companies listed on the London Stock Exchange (FTSE-All-Share) from 2014 to 2020, totalling 1,036 firm-year observations. Adopted methodology. The study uses the Probit model. Analyses The paper uses different measures of CEO power and ACs. It also undertakes additional analyses that control for CEO attributes, such as tenure, age, and nationality, as well as firm-specific characteristics, including firm size, firm risk, and financial health. Findings Our findings show that powerful CEOs are more likely to be associated with CRM. Furthermore, effective ACs are more likely to exercise greater oversight over cybersecurity risk. These effects are stronger in firms with younger CEOs, CEOs with shorter tenure, or CEOs of diverse nationalities. Powerful CEOs and ACs are more likely to be associated with CRM in large, risky, and financially healthy firms. This study calls for CEOs and ACs to take on a broader remit and provides original evidence of their role in CRM.

Keywords
cybersecurity; cybersecurity risk management; CEO power; audit committees.

Notes
Output Status: Forthcoming

Journal
The International Journal of Accounting

StatusAccepted
Date accepted by journal14/01/2025
ISSN1094-4060
eISSN2213-3933

People (1)

Professor Habiba Al-Shaer

Professor Habiba Al-Shaer

Professor in Accounting, Accounting & Finance