Impact of corporate governance on bank performance in the MENA region: the moderating role of cybersecurity policy

Abstract

Purpose This paper aims to examine the nonlinear impact of corporate governance (CG) on bank performance by exploring the moderating role of cybersecurity policy (CSP) on this relationship in the Middle East and North Africa (MENA) region. Design/methodology/approach Using a data set of 1,648 firm-year observations, the study examines a sample of commercial banks operating in MENA countries that are part of the Regional Security Dialogue of MENA between 2016 and 2024. The analysis is conducted using the two-stage least squares method and a kernel estimator, which is a nonlinear test. Findings The results show a nonlinear interaction effect of cybersecurity policies on the relationship between CG and bank performance in financial institutions within the Regional Security Dialogue of MENA countries. Moreover, this interaction is significant and causes a reversal of the impacts. The results demonstrate that the interaction effect of CG and CSP has a positive marginal effect on bank performance, indicating that good CG in the presence of CSP can enhance bank performance. The study also finds that cybersecurity policies, on their own, have a negative impact on bank performance, suggesting that the costs associated with implementing such policies may outweigh their benefits. Research limitations/implications There are several limitations that this study faces that should be addressed. The focus on commercial banks may limit the applicability of the findings to other types of financial organizations in MENA countries. Furthermore, the cross-sectional design of the study poses difficulties in determining causality and the direction of the observed relationships. The constant rate of change of linear modeling in this study is one of its limitations. This model makes the erroneous assumption that, for every unit change in the independent variable, the dependent variable changes at a constant pace. In addition, it cannot simulate complex linkages and interactions where effects are not cumulative because it cannot represent curves and interactions. The modeling’s assumption of uniform distributions is another limitation. Practical implications This study contributes to theoretical understanding by using agency theory and stakeholder theory to establish a relationship between CG, CSP and bank performance. This study emphasizes the significance of combining cybersecurity policies with CG processes to improve bank performance. Practitioners should understand that effective integration of cybersecurity measures with strong governance frameworks can improve overall performance, as well as complete detailed cost-benefit evaluations to control the financial impact of cybersecurity investments. Originality/value This paper contributes to the existing literature by analyzing the impact of CSP on CG and bank performance in MENA countries. Its contribution, and what distinguishes it from previous studies, is the identification of a nonlinear relationship between CG and bank performance, challenging traditional linear models. This study makes a significant contribution by identifying best practices of CG in the context of CSP, thereby enhancing banks’ stability and resilience in the face of an increasingly challenging risk environment.