Cybersecurity, governance and organizational performance of Moroccan SMEs: an empirical analysis using PLS-SEM modeling
DOI:
https://doi.org/10.71420/ijref.v3i6-1.323Keywords:
cybersecurity, SME governance, organizational performance, cybersecurity culture, regulatory framework, PLS-SEM, MoroccoAbstract
The digital transformation of Moroccan small and medium-sized enterprises (SMEs) increases their exposure to cyber risks, while also raising major issues related to governance, information transparency, internal control, managerial accountability, and organizational performance. This research analyzes the impact of cybersecurity practices on the governance of Moroccan SMEs, integrating the mediating role of organizational cybersecurity culture and the moderating role of the perceived regulatory and institutional framework. The originality of this study lies in its conceptualization of cybersecurity not as a simple technical device, but as an organizational and institutional lever for governance. Theoretically, the article combines agency theory, stakeholder theory, institutional theory, and the resource-based view to explain how cybersecurity practices can reduce information asymmetries, strengthen accountability, and improve the quality of control mechanisms. Methodologically, the study tests a multidimensional model integrating five cybersecurity dimensions, four governance dimensions, a mediating variable, and a moderating variable within the specific context of Moroccan SMEs. From a managerial perspective, it proposes a ranking of the most relevant cybersecurity levers for SME leaders. The study is based on a cross-sectional quantitative survey conducted with 246 Moroccan SME leaders. The data were processed using a sequential approach combining psychometric purification with SPSS and structural equation modeling using the Partial Least Squares Structural Equation Modeling approach with SmartPLS 4, with bootstrapping of 5,000 subsamples. The results show that organizational cybersecurity practices—policies and procedures, training and awareness, and regulatory compliance—have significant effects on governance, while protection technologies and incident management alone do not generate significant direct effects. Cybersecurity culture plays a partial and selective mediating role, while the perceived regulatory and institutional framework does not have a significant moderating effect. Finally, information transparency, internal controls, and leadership accountability contribute positively to organizational performance.Downloads
Published
2026-06-10
How to Cite
Bouabdallaoui, I., & Defouad, R. (2026). Cybersecurity, governance and organizational performance of Moroccan SMEs: an empirical analysis using PLS-SEM modeling. International Journal of Research in Economics and Finance, 3(6-1), 85–103. https://doi.org/10.71420/ijref.v3i6-1.323
Issue
Section
Articles
License
Copyright (c) 2026 Ikram Bouabdallaoui, Rhizlane Defouad
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
