Purpose Corporate boards play a vital role in preventing cyber threats through cybersecurity disclosure policies, strategies and practices. This study examines the influence of the demographic characteristics of corporate boards on cybersecurity disclosure in two-tier governance system companies that include board of directors and board of commissioners. Current research focuses on the banking industry, which is highly exposed to cyber threats. Design/methodology/approach The research examined 46 banks listed on the Indonesia Stock Exchange from 2018 to 2022. Analysis using regression techniques was applied to determine the relationship between board characteristics and cybersecurity disclosure. Additional analysis has been conducted to enrich the findings. Findings The study finds that the average age of board directors and board of commissioners positively and significantly affects cybersecurity disclosure, while tenure of both boards has a negative and significant effect. Furthermore, banks with more board members who have educational backgrounds in information technology tend to have higher levels of cybersecurity disclosure. These findings recommend that regulators should encourage more boards with IT backgrounds to help mitigate cybersecurity risks. Research limitations/implications The measurement of cybersecurity disclosure based on word count and subjective judgment. Future studies may develop more objective indicators for assessing cybersecurity disclosure. The study also focuses on a limited set of demographic characteristics of board members. Practical implications The findings suggest that regulatory bodies should develop guidelines for cybersecurity disclosure to enhance transparency and accountability in the financial sector. Additionally, the study highlights the significance of considering the proportion of IT-educated board members to strengthen cybersecurity oversight. Originality/value This is one of the few papers investigate cybersecurity disclosure and its relationships with board demographic factors. The research is conducted in Indonesia, where two-boards system applied and cybersecurity disclosure is voluntary.
Rahman et al. (Wed,) studied this question.