기업지배구조와 사이버 보안 품질 ：이사회 특성을 중심으로

[Purpose]This study aims to analyze the characteristics of board of directors that influence the quality of cybersecurity. As cybersecurity has emerged as a critical management risk due to the recent digital transformation and increasing security threats, this research seeks to empirically examine the impact of board expertise, independence, and activity on cybersecurity quality. [Methodology]A logistic regression analysis was conducted on Korean firms listed on the KOSPI and KOSDAQ markets from 2011 to 2021. Cybersecurity quality was measured using the possession of ISO 27001 and ISMS (ISMS－P) certifications as proxies. Board expertise was analyzed with a focus on IT and risk management expertise. Additionally, this study examined whether board independence and activity influence the relationship between board expertise and cybersecurity quality. [Findings]Firms with higher levels of IT and risk management expertise on their boards demonstrated significantly higher cybersecurity quality. Moreover, a higher proportion of outside directors and more frequent board meetings were found to strengthen the positive relationship between board expertise and cybersecurity quality. [Implications]This study emphasizes that cybersecurity should be addressed as a strategic issue at the board level, rather than just a technical issue. Additionally, the empirical findings that governance factors significantly influence the level of cybersecurity suggest policy implications for ESG management, indicating that strengthening board characteristics can enhance cybersecurity capabilities.