THE IMPACT OF CORPORATE GOVERNANCE ON CYBERSECURITY RISKS: INTERNAL AUDITING AS A MEDIATING VARIABLE

Abstract

The aim of the study was to examine the impact of Corporate Governance (CG) on Cybersecurity Risks (CRs), with special emphasis given to ascertaining the role of Internal Auditing (IA) as an intervening factor in the aforementioned relationship. To accomplish this, an analytical framework was developed and empirically tested via Partial Least Squares Structural Equation Modelling (PLS-SEM). The empirical study was carried out on 73 specialists working in the accounting, auditing, risk management, and information security departments of Iraqi banks. Primary data were collected via the electronic implementation of a structured questionnaire. The empirical findings of the study reveal that CG has a positive and statistically significant impact on IA. This reveals that an effective CG system can positively influence the strength of internal controls and, as a consequence, the effectiveness of the IA function. Furthermore, the findings reveal that IA is positively and statistically significantly correlated with CRs, thus underscoring its crucial role in evaluating the strength of technological controls and enhancing risk management practices in digitalised business environments. On the contrary, the link between CG and CRs is not statistically significant. However, the indirect link between CG and CRs via IA is statistically significant, thus affirming that IA is an absolute mediator between CG and CRs. The R-squared values indicate high values of determination of the structural model, especially with respect to the relationship between CG and CRs via IA, thus affirming the adequacy and empirical robustness of the proposed framework. The findings of the study thus underscore the strategic importance of integrating CG with IA to enhance the governance of CRs in digitalised business environments.