Governance’s role in bank performance: cybersecurity committee assessment

This study aims to examine how the Bank of Ghana’s (BoG’s) directive on establishing a Cyber and Information Security Governance Committee (CISGC) affects banks’ financial performance (FP) and efficiency. The FP of banks is measured by return on assets (ROA) and return on equity (ROE), while efficiency is measured by operational costs to operating revenue (CIR). The study examines the CISGC’s cyber and IT expertise, committee size, meetings and female representation features.

Data from 20 universal banks in Ghana between 2019 and 2022 was used to examine the impact of the CISGC features on Bank FP and efficiency using generalized least squares regression and robustness test.

CISGC’s cyber and IT expertise has a positive impact on ROA, but no impact on ROE or CIR. Their size, meetings and female representation do not affect performance. This highlights the need for key measures to be instituted for effective cyber and information security governance.

This study has several limitations. First, the scope was initially limited to universal banks in Ghana. Future studies should cover all banks operating in Ghana.

When forming the CISGC, banks should ensure that cybersecurity expertise is represented, and that female representation is considered. Additionally, given the ongoing evolution of cybersecurity threats, banks should ensure comprehensive digitization and robust cybersecurity safeguards.

To the best of the author’s knowledge, this study is the first to investigate how CISGC impacts bank performance in Ghana following the BoG’s Cyber and Information Security directive.