Voluntary cybersecurity disclosure in the banking industry of Bangladesh: does board composition matter?

Cybersecurity disclosure (CSD) provides users with valuable information and significant insights about a firm's susceptibility to cyber risk and its management. It is argued that the board of directors, with its oversight role, should be vigilant in managing cyber risk and disclosures. This study aims to measure the extent of CSD of the banking companies and examines the association between the characteristics of board composition (i.e. board size, board independence and gender diversity) and CSD.

This study adopted automated content analysis to find out the extent of CSD in the listed commercial banks of an emerging country, Bangladesh, where CSD is voluntary. Further, multiple linear regression is applied to determine the relationship between board composition and CSD.

The findings reveal an increasing trend of CSD over the sample period (2014–2020). The study confirms a significant positive relationship between board independence and CSD. The study also demonstrates that the higher presence of female directors on the board is associated with higher CSD. However, no consistently significant relationship is found between board size and CSD.

The study is based on listed banking companies only. Hence, the results can not be generalised to companies in other sectors. Also, it is important to acknowledge that we focused on the quantity (not the quality) of CSD contained in annual reports.

The study provides an overall understanding of current trends of CSD in the Banking sector of a developing country. Regulators may use our findings to understand the current level of CSD and assess the need for issuing guidance in this regard. The association between board composition and CSD has implications both for banks when selecting board members and policymakers when establishing requirements concerning board composition under corporate governance guidelines.

This is one of the very few studies in the context of an emerging economy where CSD is voluntary. The paper contributes to a narrow stream of research investigating CSD and its association with board composition. Notably, it contributes to understanding how board composition is associated with CSD in the banking industry, which is highly exposed to cyber risk.