Enhancing cybersecurity governance : the case of Maltese domestic banks

Abstract

PURPOSE: As banks are becoming more digitalised, they are entangling more with cyberspace. Given that new threats are evolving every day, this study analyses the technological awareness and knowledge present at the board level. Furthermore, it analyses the cyber risk management measures and disclosures undertaken by domestic banks to safeguard transparency. DESIGN: The research was designed around a qualitative approach of data collection in order to ensure in achieving the objectives. Structured interviews were conducted with personnels from the Maltese domestic banks who have knowledge and insights on cybersecurity governance. FINDINGS: The findings reveal a notable disparity among banks in terms of board director expertise in technology, with several institutions lacking such specialised knowledge. Moreover, ongoing efforts are observed across certain banks to enhance their boards with individuals capable of addressing a broader spectrum of technological challenges. Conversely, some banks assert that their boards, predominantly composed of business professionals, exhibit a defiance in technological awareness and proficiency. Additionally, the research highlights diverse approaches employed by banks to provide cybersecurity training to their staff. Despite certain institutions exhibiting deficiencies in cybersecurity governance, they are addressing the escalating threat of cyberattacks through heightened awareness initiatives. CONCLUSIONS: Given the introduction of mandatory disclosure of cyberattacks by the U.S. Securities and Exchange Commission (SEC), it is evident that more guidance and regulations is necessary from local authorities to further cybersecurity oversight. Moreover, the freedom granted to the cybersecurity function may have a negative impact as its effectiveness relies on the decision-making of an organisation’s management. IMPLICATIONS: This study raises awareness on the need of improving cybersecurity governance or technological expertise at the board level among Maltese domestic Banks. The recommendations aim to enable banks to enhance their Board and encourage regulatory authorities to provide additional assistance in this regard.