Home Browse Organizational cybersecurity and its impact on organizational immunity-An...
ALL Metrics
-
Views
-
Downloads
Get PDF
Get XML
Cite
Export
Track
Research Article

Organizational cybersecurity and its impact on organizational immunity-An analytical study at the Ministry of Education Iraq/ General Directorate of Educational Planning

[version 1; peer review: awaiting peer review]
LUAY Rhadi khaleefah Alrubaye
https://orcid.org/0009-0003-7097-2112
1Qammach Nada Ismaeel Jabbouri2
LUAY Rhadi khaleefah Alrubaye
https://orcid.org/0009-0003-7097-2112
1Qammach Nada Ismaeel Jabbouri2
PUBLISHED 29 Jan 2026
Author details Author details
OPEN PEER REVIEW
REVIEWER STATUS AWAITING PEER REVIEW

This article is included in the Fallujah Multidisciplinary Science and Innovation gateway.

This article is included in the Cybersecurity collection.

Abstract

Background

This research addressed organizational cybersecurity, which has emerged as a critical element in the digital age and has become a strategic issue for organizations working to protect user assets against security risks in the cyber environment. And Organizational immunity includes the policies and procedures adopted by an organization to protect its core values and correct performance deviations. The research purpose on studying the impact of organizational cybersecurity on organizational immunity at the Iraqi Ministry of Education/General Directorate of Educational Planning. There is a need to study this relationship to better understand how organizations can strengthen their capabilities in an advanced digital environment.

Methods

The research adopted a descriptive analytical approach, whereby 95 questionnaires were distributed and data was collected from 85 respondents, ready for statistical analysis. The data was analyzed using statistical tools (SPSS V.28&smartpls4) to verify the scale and analyze the relationships between variables.

Results

indicate that the level of organizational cybersecurity implementation was first in relative importance, while organizational immunity came in second, and there is an impact relationship between organizational cybersecurity and organizational immunity, which reinforces the fundamental role of the General Directorate of Educational Planning in maintaining business continuity and limiting the impact of cyberattacks.

Conclusion

The research concludes that organizational cybersecurity plays an important role in enhancing organizational immunity, as the application of cybersecurity tools would enhance the role of the General Directorate of Educational Planning and its ability to withstand cyber threats, strengthen digital measures, improve protection, and ensure business continuity in the digital environment.

Keywords

Organizational cybersecurity, Organizational immunity, General Directorate of Educational Planning

Corresponding author: LUAY Rhadi khaleefah Alrubaye
Competing interests: No competing interests were disclosed.
Grant information: The author(s) declared that no grants were involved in supporting this work.
Copyright:  © 2026 Alrubaye LRk and Nada Ismaeel Jabbouri Q. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
How to cite: Alrubaye LRk and Nada Ismaeel Jabbouri Q. Organizational cybersecurity and its impact on organizational immunity-An analytical study at the Ministry of Education Iraq/ General Directorate of Educational Planning [version 1; peer review: awaiting peer review]. F1000Research 2026, 15:141 (https://doi.org/10.12688/f1000research.175125.1) First published: 29 Jan 2026, 15:141 (https://doi.org/10.12688/f1000research.175125.1) Latest published: 29 Jan 2026, 15:141 (https://doi.org/10.12688/f1000research.175125.1)

1. Introduction

With the acceleration of the pace of technological development of information and the era of digitization of organizations and the transfer of many commercial and daily activities around the world via the Internet, the importance of cybersecurity has increased, as it has become an essential pillar to protect critical infrastructures and sensitive data, especially with the continuous spread of information breaches in both governmental and private institutions as well as the damage and sophisticated threats resulting from this in the cyber landscape, which requires institutions at different levels to develop strategies to mitigate threats, so it is necessary for institutions to build a model of cybersecurity culture to educate the From the above, A review of previous studies showed that most of them focused on the purely technical aspect of cybersecurity and rarely addressed the organizational aspect. Therefore, there is a need to fill the research gap by addressing the relationship between organizational cybersecurity and organizational immunity in government organizations, particularly in the education sector, through conducting an analytical study in the General Directorate of Educational Planning, which was chosen because it is a vital directorate in the Ministry of Education that relies on information systems used in administration, planning, and communications, which makes it vulnerable to cyber threats. In addition, it was found that there was no study that addressed the research variables in the Directorate of Educational Planning, which gives the research scientific, practical, and cognitive value.

The research was divided into several axes, as the first axis dealt with the methodological framework of the research, while the second axis reviewed the theoretical framework of organizational cybersecurity and organizational immunity, and the third axis focused on analyzing data and testing research hypotheses to reach results that clarify the impact of cybersecurity on organizational immunity in the Directorate of Educational Planning, and the research concluded by presenting the conclusions and recommendations of the research.

2. Research methodology

2.1 Research problem

The diversity of digital systems and technological applications, as well as the use of artificial intelligence systems and advanced technologies in strategic decision-making, has posed a technological challenge for the General Directorate of Educational Planning to keep pace with these developments, in addition to its increasing needs to address security challenges that threaten the integrity of the Directorate’s data and information infrastructure. Therefore, the research problem emerged from the limited awareness and application of organizational cybersecurity technologies and their role in strengthening the organization’s immunity.

The main purpose of the research is to explain organizational cybersecurity and its impact on organizational immunity in the General Directorate of Educational Planning.

This might be accomplished by answering the subsequent inquiries:-

  • 1- What is the status of organizational cybersecurity and the implementation of organizational immunity in the General Directorate of Educational Planning?

  • 2- What is the level of impact of organizational cybersecurity on achieving organizational immunity?

2.2 Research importance

The importance lies in the following points:-

  • 1- Its importance is highlighted by presenting a new model that takes into account the nature of the relationship between organizational cybersecurity and organizational immunity for the purpose of bridging the knowledge gap, with the aim of improving sustainable performance in government institutions, which in turn is reflected in their services.

  • 2- The research contributes to enriching the scientific literature in the field of organizational cybersecurity and organizational immunity.

  • 3- It benefits from the nature of the relationship between the research variables in providing decision-makers at the General Directorate of Educational Planning with actionable recommendations to raise the level of cybersecurity protection, reduce it, and address weaknesses in the cyber infrastructure.

2.3 Research objectives

The current research seeks to achieve the following:-

  • 1- Measure the level of organizational cybersecurity and organizational immunity in the General Directorate of Educational Planning.

  • 2- Analyze and test the statistical correlation between organizational cybersecurity and organizational immunity based on the specified indicators.

  • 3- Presenting a set of practical findings and recommendations to enhance the level of organizational cybersecurity and immunity within the General Directorate of Educational Planning.

2.4 Research model

The research design reflects the research problem, objectives, and significance by revealing the relationship between two variables:

Organizational cybersecurity as an independent variable and organizational immunity as a dependent variable, as shown in Figure 1.

513edc29-30e0-4d69-bc80-33d0abb9016d_figure1.gif

Figure 1. Research conceptual model.

2.5 Research hypotheses

Ho.1: There is no significant impact of organizational cybersecurity on organizational immunity: -

Ho1.1: The first sub-hypothesis: There is no significant impact of training and organizational policies in organizational immunity.

Ho1.2: Second sub-hypothesis: There is no statistically significant impact of organizational effectiveness and government policies in organizational immunity.

Ho1.3: The third sub-hypothesis: There is no significant impact of the dimension of absorptive capacity in organizational immunity.

Ho.2: Second hypothesis: There is no significant Impact Organizational cybersecurity together in organizational immunity.

2.6 Research methodology and measurement

The research adopted a descriptive analytical approach and used a questionnaire as a data collection tool, which included 24 items reflecting the research variables (organizational cybersecurity and organizational immunity). In addition, it adopted measures from recent Arab and foreign sources, using a five-point Likert scale (strongly agree, agree, somewhat agree, disagree, strongly disagree). Table 1 illustrates Research terms and scale.

Table 1. Research terms and scale.

Variables and dimensions of the studyCodeThe number of questions Scale source
Training and organizational policiesTAO4[1]
Organizational effectiveness and government policiesOEAGP4
Absorptive capacityAC4
Organizational cybersecurityOC12
Organizational learningOL4

[2]
[3]
Organizational memoryOM4
Regulatory genesRG4
Organizational immunityOI12

2.7 Research community and sample

The Ministry of Education/General Directorate of Educational Planning was selected as the field of application, and the research sample was a purposive stratified sample of directors and officials in the directorate. The statistical table Krejcie&Morgan4 was used to determine the sample size, as a simple random sampling method was adopted with a distribution of 95 questionnaires. Eighty-five questionnaires were valid for statistical analysis, representing 89% of the distributed questionnaires, which is a high and statistically acceptable percentage.

2.8 Assessing the quality of measures

  • 1- Organizational Cybersecurity Model

    Figure 2 shows the questions of the dimensions of the organizational cybersecurity model, which consisted of three main dimensions (training and organizational policies, organizational effectiveness and governmental policies, and absorptive capacity). With a total of (12) questions, the table also showed the composite stability values (CR) for the dimensions of the organizational cybersecurity variable (0.898, 0.826, 0.831), which are within statistically acceptable limits (> 0.70), which indicates a high level of stability and confirms the quality of the scale, and the results showed that Cronbach’s alpha coefficient for the dimensions of the variable amounted to (0.833, 0.836, 0.896). (0.836, 0.896), which is higher than the accepted normative value (0.70), reflecting high internal consistency between paragraphs, in addition, the values of the average variance of the extract (AVE) for the organizational cybersecurity variable came within the acceptable range, reaching (0.564, 0.552, 0.690), exceeding the required minimum threshold (0.50). The results indicate that the sub-dimensions contribute significantly to explaining the total variance of the variable, which enhances the reliability of the model and its ability to explain the relationships between its components.

    Table 2 shows the values of the estimates of the organizational cybersecurity model, where they ranged between (0.659-0.890), indicating that all paragraphs have a significant Impact on the dimensions of the model. The results of the (t) test also showed that the values ranged between (5.658-9.887), all of which are greater than the tabular value of (t) of (1.984) at the significance level (0.05). This reflects the high statistical reliability of the items and sufficient support for adopting the finalized model in subsequent statistical analysis.

  • 2- Organizational immunity

    As can be seen in Figure 3 which presents the questions of the dimensions of the organizational immunity model, namely (organizational learning, organizational memory, regulatory genes), with a total of (12) questions, and as shown in Table 3 the values of the composite stability coefficient (CR) for the dimensions of the organizational immunity variable (0.888, 0.890, 0.867), which are within the acceptable limits (> 0. 70). The results also showed that the values of Cronbach’s alpha coefficient for the same dimensions were (0.883, 0.892, 0.868), which also exceeds the accepted normative value (0.70), and indicates the existence of internal consistency between paragraphs, and the values of the average variance extracted (AVE) came within acceptable limits, amounting to (0.660, 0.670, 0.610), exceeding the required minimum threshold (0.50). These findings show that the sub-dimensions have a major role in understanding the organizational immunity variable’s overall variation as well as the model’s dependability and ability to effectively describe the relationships between its dimensions.

    Table 3 showed the values of the estimates for the paragraphs of the organizational immunity model, which ranged between (0.691-0.913), indicating that all paragraphs have a significant Impact within the model. The (t) values, which ranged from (6.589-9.922), were all greater than the tabular value of (t) of (1.984) at a significance level of (0.05), which is a sufficient indicator for adopting the model in its final formulation in subsequent statistical analysis.

513edc29-30e0-4d69-bc80-33d0abb9016d_figure2.gif

Figure 2. Organizational cybersecurity model.

Table 2. Estimates for the dimensions of the organizational cybersecurity variable.

Questions Estimate T values P values Cronbach's alpha) Composite reliability (AVE)
AC1 <- AC0.689n/an/a0.8330.8310.564
AC2 <- AC0.7306.1500.000
AC3 <- AC0.8867.2110.000
AC4 <- AC0.6805.6580.000
OEAGP1 <- OEAGP0.753n/an/a0.8360.8260.552
OEAGP2 <- OEAGP0.7697.0540.000
OEAGP3 <- OEAGP0.6595.9620.000
OEAGP4 <- OEAGP0.7857.1630.000
TAO1 <- TAO0.822n/an/a0.8960.8980.690
TAO2 <- TAO0.8088.5790.000
TAO3 <- TAO0.8909.8870.000
TAO4 <- TAO0.7998.3810.000
513edc29-30e0-4d69-bc80-33d0abb9016d_figure3.gif

Figure 3. Organizational immunity model.

Table 3. Estimates for the dimension of the organizational immunity variable.

QuestionsEstimateT valuesP valuesCronbach's alpha)Composite reliability (AVE)
OL1 <- OL0.778n/an/a0.8830.8880.660
OL2 <- OL0.8478.7920.000
OL3 <- OL0.6966.7610.000
OL4 <- OL0.9139.5370.000
OM1 <- OM0.776n/an/a0.8920.8900.670
OM2 <- OM0.8358.5860.000
OM3 <- OM0.7968.0610.000
OM4 <- OM0.8658.9120.000
RG1 <- RG0.820n/an/a0.8680.8670.610
RG2 <- RG0.8849.9220.000
RG3 <- RG0.7136.9410.000
RG4 <- RG0.6916.5890.000

2.9 Statistical methods of research

A set of statistical methods was adopted to provide statistical analysis of the research results and test its hypotheses. These methods included (confirmatory factor analysis, arithmetic mean, and standard deviation, coefficient of variation, relative importance, correlation coefficient, and linear regression analysis).

3. Theoretical framework

3.1 Concept of organizational cybersecurity

The phrase cybersecurity refers to a broader range of procedures and guidelines that shield computer networks and systems from threats and incursions of any kind in cyberspace.1 Cybersecurity is a very critical business challenge in the digital era and establishes effective policies for organizations to protect their assets and comply with regulatory mandates to enhance stakeholder confidence.5 Cybersecurity is also a critical element of an organization’s management that affects organizational strategies in a comprehensive ways.6 Integrating cybersecurity principles into organizational practices (OPs) improves organizational resilience by embedding security determinants into daily operations, and resource management empowers employees by prioritizing cybersecurity in their professional responsibilities.7 Additionally, studies reveal that a cybersecurity culture dramatically lowers the probability of successful cyberattacks. Employees who believe that cybersecurity is a significant part of the company culture are more likely to follow security procedures and feel more accountable for safeguarding the company’s resources.8

Cybersecurity is also known as the prevention of cybercrime, as the awareness of information security is playing a key role in preventing cybercrime.9 The concept of organizational cybersecurity may be defined as protecting computer systems from theft or corruption of their hardware, software or databases from disrupting the operations and services provided by the organization to the community.10 It is also known to be an external variable that may take into account directives that protect information technology and computer systems for the purpose of forcing companies to protect their systems and information from cyber threats and data breaches.11 According to Petrova et al.,Cyber security and information security are strongly related and overlap in some respects, but they are not the same, as information security is generally focusing on the protection of information and cyber security is one of its components, while cyber security focuses specifically on protecting information in cyberspace.12

3.2 Dimensions of organizational cybersecurity

When reviewing the literature related to the topic of organizational cybersecurity.

It was noted that there was a lack of clear guidance from researchers explaining the dimensions of this term. Therefore, we will rely on the dimensions identified by a study1:-

  • 1- Cybersecurity training and organizational policies

    Cybersecurity training is an indispensable aspect for employees, as it helps to ensure the security of the organization.13 Organizations need cybersecurity training and Awareness with a focus on teaching employees to act according to certain IT security principles and objectives.14 Cybersecurity awareness training includes implementing regular training sessions to teach employees about the latest cybersecurity threats, best practices, and the organization’s policies and procedures.15 Fostering a culture of knowledge sharing among employees coupled with training can improve organizational resilience against security vulnerabilities.16 Good security-related policies promote a more cohesive and standardized approach to cybersecurity within organizations.17 It is essential for HR departments to include training as an essential part of employee onboarding in order to ensure an adequate level of competence in dealing with threats and incidents.18 Regular training sessions and awareness programs enable employees to recognize potential threats, adhere to security policies, and adopt safe behaviors in their daily work routine.19

    In addition, policies in the field of cybersecurity constitute a set of legislation, programs and procedures formulated by a governing body within the organization, and these policies serve as regulatory frameworks that define protocols and standards to be followed to protect information and physical assets from potential threats, and policies are necessary to strengthen cyber defenses and mitigate vulnerabilities and potential attacks in the digital domain.20 A cybersecurity policy has a positive impact on employees’ beliefs and behavior directed towards cybersecurity.21 Developing a comprehensive cybersecurity policy is a strategic answer to protect organizational data and information, and it establishes a framework for employees to follow security measures and enforce compliance with cybersecurity standards.22

  • 2- Organizational Effectiveness and Government Policies

    In the age of rapid digitization of organizations, cybersecurity has emerged as an integral part of organizational safety and effectiveness, which includes not only maintaining the confidentiality, integrity, and availability of digital assets but also establishing an organizational cybersecurity culture and thus human behavior.23 Cybersecurity has become an essential pillar for protecting infrastructure, sensitive data, and individual privacy.24

    The capacity of organizations to deal with cybersecurity can be enhanced by complying with standards, laws, and government regulations that can enhance an organization’s ability to defend against cyberattacks.18 The governments around the world have also recognized the need for formal regulations to protect sensitive data and critical infrastructure.25 Government policy is the result of a set of activities that operate within an environment where government policy makers determine what to do and what not to do, and addressing issues related to cybercrime and threats is a priority for every government.26

  • 3- Absorptive Capacity

    The theory of absorptive capacity was developed by Cohen and Levinthal (1990) to explain the structural readiness and ability of organizations to engage in new ideas and recognize the value of improvements and innovation.27 According to Cohen, an organization’s ability to stay competitive in quickly changing industries depends on its ability to absorb and acquire new knowledge. Businesses with high absorptive capacity are also better equipped to comprehend and react to environmental issues and changes in the market and environment, which makes their operations flexible and sustainable.28 Absorptive capacity supports an organization’s development of learning. Companies that excel in absorptive capacity create an environment where continuous learning and knowledge sharing are embedded in the organizational culture.29 Cohen and Leventhal define the term “absorptive capacity” as an organization’s capacity to gather, assimilate, and apply fresh outside information to give the business a competitive edge3032 and Zahra and George (2002) defined it as a set of routine organizational procedures and processes through which organizations acquire, absorb, transform and apply knowledge to produce dynamic organizational capacity.33,34 Kim defined it as the ability to learn and solve problems.35 It also refers to an organization’s ability to absorb, learn, integrate and assimilate external knowledge within the organizational context.36

3.3 Organizational immunity

Dejos (1997) was the first to introduce the term organizational immunity systems in the business management literature, as he mentioned it in a narrow context in which he discussed the concept of organizational culture, calling for the need to deal with organizations as a living organism that can adapt and interact with the surrounding environment and overcome its threats so that it can survive.37 Management scholars also use this medical term in organizations because the organization is similar to a living organism, and it has been defined as a social entity whose main purpose is to form a defensive system for the organization to face the risks that may threaten its survival or affect its work.38 The immune system in organizations is considered a vital device that works to counter any harmful influences that try to create negative influences and disturbances that lead to the deviation of the organization’s path from its desired goals.39 Organizational immunity is defined as the ability to protect and defend itself, either by preventing or overcoming weaknesses and threats or by removing them, avoiding them, preventing their growth or stopping their effects.40 It may also be described as an integrated work system that seeks to utilize the resources at hand in order to preserve the organization’s stability and safeguard it against dangers.2 It Refers Majeed & Lafta a collection of regulations, guidelines, and policies that rely on a collection of people and procedures to create a wall that keeps the company from straying from the course necessary to accomplish its objectives, regardless of whether the departure is due to internal or external factors.41

3.4 Dimensions of organizational immunity

The dimensions of organizational immunity were determined according to the study Refs. 2 & 3:-

1- Organizational learning: It is a multidimensional latent construct that includes managerial commitment, systems perspective, openness, experimentation, knowledge transfer and integration.42 It refers to the organizational capacity to learn the attributes, practices and issues within the organization that facilitate learning processes, including generating, acquiring, disseminating and integrating knowledge and modifying behaviors to reflect new cognitive insights to improve performance.43 Organizational learning refers to the process by which an organization or group of professionals collectively acquire, share, and apply knowledge to improve its performance and adapt to changing circumstances.44

2- Organizational memory: It is the means by which knowledge from the past is brought into current organizational activities and provides the knowledge needed to perform the current functions of the organization.45 It is an appropriate metaphor that can be used to define the knowledge and information that an organization possesses and the processes it uses to store and retrieve it when needed.3 It is defined as the process by which data or information that is stored is processed through various mechanisms related to this process.46

3- Regulatory genes: is a modern management technique that analyzes the internal characteristics of organizations based on the principle that every organization is like a living organism, with genetic traits that distinguish it from other organizations. The term “organizational DNA” was coined by Booz Hamilton, which sought to provide organizations with an easy and accessible way to identify and address the problems and difficulties that hinder and affect their success.47 Organizational DNA has an effective role in defining organizations and leading management functions such as decisions, organizational structure, teamwork and communication.48 Organizational DNA is regarded as one of the most important aspects of management since it influences employee behavior and, consequently, the organization’s performance. It also helps to identify the organization’s strengths and weaknesses, forecast employee behavior and performance, and develop work expectations that inform institutional and individual decisions and ensure the organization’s sustainability.49

3.5 The relationship between organizational cybersecurity and organizational immunity

Effective cybersecurity management enhances business operations and enables companies to turn cybersecurity into a competitive advantage by adopting proactive cybersecurity measures that not only protect assets but also assure business partners and customers of the company’s commitment to security. This can lead to smoother business transactions and partnerships and enhance trust across business networks.23 The importance of cybersecurity has been highlighted by the increasing frequency and severity of cyberattacks, especially since the financial impact of these breaches is significant, with costs extending beyond immediate damages to include long-term effects such as loss of business, legal fees, and regulatory fines.50 In addition, the role of organizational cybersecurity is not limited to protecting information systems, but also enhances their ability to adapt and withstand risks, thereby strengthening the organization’s immunity. Ali, points out that the organizational immune system consists of people, policies, procedures, processes, culture, and modern and sophisticated systems and mechanisms that act as a strong barrier to counter external threats and address weaknesses within the organization, through which the organization maintains its integrity in an environment fraught with potential consequences.37

From the above, organizational cybersecurity provides a line of defense that reduces information leaks and impacts on operational processes; thereby creating an environment that is responsive to potential risks and promotes a culture of organizational immunity. On the other hand, organizational immunity increases the efficiency of organizational cybersecurity by providing a flexible management framework to accommodate technological developments and continuously update them. Thus, the relationship between the two is complementary, organizational cybersecurity enhances the organization’s ability to face risks and threats, and organizational immunity provides the necessary administrative support through planning and continuous improvement, thereby reducing operational losses and increasing the organization’s efficiency.

4. Materials and method

The study reviews the statistical analysis data to describe the research variables as follows:-

4.1 Descriptive analysis of research variables

Descriptive analysis and interpretation of the sample respondents’ answers to the organizational cybersecurity and organizational immunity statements are presented in this study as follows:-

  • A- Descriptive analysis of Organizational Cybersecurity:-

    Table 4 indicates and Figure 4 the results of a descriptive analysis of the dimensions of organizational cybersecurity, as the arithmetic mean of the dimension of training and organizational policies (3.365) with standard deviation (0.931) and a coefficient of variation (27.67%),which indicates relative stability in the responses of the sample towards this dimension, ranking third in relative importance, This dimension needs to be developed along with clear and strengthened training policies, while the dimension of organizational effectiveness and government policies, recorded an arithmetic mean (3.438) and a standard deviation (0.869) and a coefficient of variation (25.29%), ranking second in relative importance. While the absorptive capacity dimension recorded a mean of (3.397), standard deviation (0.838) and coefficient of variation (24.68%), ranking first among the dimensions in terms of relative importance. The organizational cybersecurity dimension achieved the highest level of stability in the sample responses with an arithmetic mean of (3.400), standard deviation (0.795) and coefficient of variation (23.40%), ranking first among the dimensions by relative importance which reflects a high perception of the importance of this dimension.

  • B- Descriptive analysis of Organizational immunity

    Table 4 shows and Figure 5 the descriptive results of the dimensions of the organizational immunity variable, as the organizational learning dimension came with an arithmetic mean of (3.238), standard deviation (0.948) and coefficient of variation (29.27%), ranking third in relative importance, which reflects a relatively moderate response by the sample towards this dimension. Therefore, the Directorate should enhance institutional learning and continuous professional development programs. while the organizational memory dimension recorded an arithmetic mean of (3.306), standard deviation (0.955) and coefficient of variation (28.88%), ranking second in relative importance, indicating an advanced perception of the importance of this dimension, while the dimension of regulatory genes achieved the highest arithmetic mean of (3.462) with standard deviation (0.864) and coefficient of variation (24.95%). This indicates a higher stability of the sample’s responses, which qualified it to occupy the first place in relative importance, This means that the directorate has a work culture and values regarding employee behavior., and considering the organizational immunity variable as a whole, it recorded an arithmetic mean of (3.335), standard deviation (0.861) and coefficient of variation (25.82%), ranking second in the overall ranking of the studied dimensions, an indicator of the sample’s advanced awareness of the importance of this variable in the organizational work environment.

Table 4. Descriptive statistics for research variables and dimensions.

Dimensions of research variablesMeandeviationCoefficient of variation Relative importance
Organizational Training and Policy3.3650.93127.673
Organizational Effectiveness and Government Policy3.4380.86925.292
Absorptive Capacity3.3970.83824.681
Organizational Cybersecurity3.4000.79523.40first
Organizational Learning3.2380.94829.273
Organizational Memory3.3060.95528.882
Regulatory Genes3.4620.86424.951
Organizational Immunity3.3350.86125.82second
513edc29-30e0-4d69-bc80-33d0abb9016d_figure4.gif

Figure 4. Shows the descriptive statistics for the dimensions of the organizational cybersecurity variable.

513edc29-30e0-4d69-bc80-33d0abb9016d_figure5.gif

Figure 5. Shows the descriptive statistics for the dimensions of the organizational immunity variable.

4.2 Testing the hypotheses of the research

The study presents the findings from the statistical examination of the research hypotheses in the following manner:-

  • 1- Testing the first main hypothesis:

    (There is no a Significant Impact of Organizational Cybersecurity on Organizational Immunity).

    Table 5 shows and Figure 6 that the relationship between organizational cybersecurity and organizational immunity was strong and statistically significant, as the correlation coefficient (R) between them reached (0.886), This means that increased organizational cybersecurity is linked to increased immunity within the directorate, which is a high value indicating a strong positive correlation between the two variables, and the value of the coefficient of determination (R2) of (0.785) showed that organizational cybersecurity explains 78.5% of the total variance in organizational immunity, This indicates that organizational cybersecurity is not merely a preventive or technical measure, but rather a crucial element in enhancing the capabilities of the General Directorate of Educational Planning, in addition, the adjusted (R2 Adj) value amounted to (0.782), which reflects the stability of the model when generalizing the results to the statistical community, while the (F) test recorded a value of (303.081), which is significantly greater than the tabular value of (F) at the significance level (0.05), with a significant value (Sig = 0.000), which indicates the significance of the model as a whole, the results also showed that the calculated (t) value for the organizational cybersecurity variable was (17.409), which is greater than the tabular value of (t) of (1.984) at the level of significance. level (0.05), and the value of the regression coefficient (β) indicates that increasing organizational cybersecurity by one unit leads to an increase in organizational immunity by (95%), reflecting a strong and direct impact of the independent variable on the dependent variable.

  • 2- Examining the sub-hypotheses of the organizational cybersecurity dimensions in relation to organizational immunity, as indicated by Table 6:-

    The Table 7 showed the results of the regression analysis between the dimensions of organizational cybersecurity in the organizational immunity variable, where the results revealed that there are significant and statistically significant impact for all dimensions.

Table 5. Impact analysis between organizational cybersecurity on organizational immunity.

Independent variable(t)R(R2)(R2) Adj(F)SigDependent variable
organizational cybersecurity (α) 0.0740.3870.8860.7850.782303.081 0.000 organizational immunity
(β) 0.95017.409
513edc29-30e0-4d69-bc80-33d0abb9016d_figure6.gif

Figure 6. Impact analysis between organizational cybersecurity on organizational immunity.

Table 6. Sub-hypotheses of the Impact between the dimensions of organizational cybersecurity on organizational immunity.

Hypothesis codeHypothesisDecision
H11There is a significant impact of the training dimension and organizational policies on organizational immunity The alternative hypothesis is proven
H12There is a significant impact of the dimension of organizational effectiveness and government policies on organizational immunity The alternative hypothesis is proven
H13There is a significant impact of the absorptive capacity dimension on organizational immunity The alternative hypothesis is proven
Number of accepted null hypotheses0
Number of alternative hypotheses accepted3

Table 7. Influence analysis between organizational cybersecurity dimensions on organizational immunity.

Dimensions of Organizational CybersecuritytRR2Adj (R2)F sig
Organizational immunityTraining and organizational policies α0.8784.039 0.7900.6240.619137.6490.000
B0.73011.732
Organizational effectiveness and government policies α0.7142.902 0.7700.5930.588120.7410.000
B0.76210.988
Absorptive capacity α0.3821.8180.8470.7170.713209.8830.000
B0.86914.487

4.3 Testing the second main hypothesis

(There is no a significant impact of organizational cybersecurity on organizational immunity)

Table 8 and Figure 7 indicate the results of the impact analysis between the dimensions of organizational cybersecurity on organizational immunity, as the extracted F value achieved a value of (110.021) indicating that there is a significant impact between organizational cybersecurity on organizational immunity, This indicates the acceptance of the alternative hypothesis (there is a significant impact of organizational cybersecurity on organizational immunity),According to the R2 value (Adj) shows that the dimensions of organizational cybersecurity together were able to explain 79% of the changes in organizational immunity, The extracted (t) value of (3.037, 2.773, and 6.777), respectively, is greater than the tabulated (t) value of (1.984) and indicates that the impact of the parameter (β) for the dimensions (training and organizational policies, organizational effectiveness and government policies, absorptive capacity), is real as increasing the impact by one unit will increase organizational immunity by (23%, 22%, and 52%) respectively, As for the impact of the absorptive capacity dimension, the results showed that it has no significant impact on organizational immunity.

Table 8. Impact analysis of the combined organizational cybersecurity dimensions on organizational immunity.

Dimensions of Organizational Cybersecurity(α)(β)(t)Sig.(R) multiple(R2)(R2) Adj(F)Sig.Tolerance VIF
Training and organizational policies0.0100.2343.0370.0030.8960.8030.796110.0210.0000.3502.861
Organizational effectiveness and government policies(t)0.2212.7730.0070.3752.664
absorptive capacity.055.52306.777.00000.4312.320
(F) tabular2.70
(t) tabular1.984
Number of accepted dimensions (Influential) = 3
Number of unacceptable (Non-influential) dimensions =0
513edc29-30e0-4d69-bc80-33d0abb9016d_figure7.gif

Figure 7. Impact analysis of the combined organizational cybersecurity dimensions on organizational immunity.

As evidenced by the results of the multicollinearity test between organizational cybersecurity dimensions, the Tolerance values ranged between (0.350-0.431),They are all higher than the minimum acceptable threshold of (0.10), indicating that there is no serious issue of multicollinearity. As for the VIF values, they ranged between (2.320-2.861), which are all much lower than the recommended upper limit of (5), which reinforces the previous result and confirms that there is no issue of multicollinearity between the independent variables in the model.

In reviewing the research results, it was found that the organizational cybersecurity variable plays an important role in enhancing the organization’s immunity, especially in the work environment of the General Directorate of Educational Planning, as the high level of employee awareness will contribute to reducing cyber risks and threats and enhance business continuity and maintain the reliability of the Directorate’s systems and data. The results also showed that organizational cybersecurity has a significant impact on organizational immunity, rejecting the null hypothesis and accepting the first alternative hypothesis, as well as accepting the second alternative hypothesis that there is a significant impact between organizational cybersecurity and organizational immunity.

Therefore, the Directorate of Educational Planning must pay attention to the results, considering that organizational cybersecurity is an important technical element that contributes to building sustainable organizational immunity capable of responding efficiently to crises and threats.

4. Conclusions and Recommendations

4.1 Conclusions

  • 1- According to statistical data, the organizational cybersecurity variable’s dimensions had high stability coefficient values, and the organizational immunity scale’s dimensions also demonstrated stability, indicating the scale’s quality. As a result, the model is thought to be more trustworthy when describing how organizational immunity and cybersecurity are related.

  • 2- When the organizational cybersecurity variable was descriptively analyzed, the mean result was (3.400) and came in first place in terms of relative importance, in terms of relative importance, while the organizational immunity variable achieved a mean of 3.335, ranking second in terms of relative importance, which indicates that there is good awareness and interest in the importance of these variables in improving, sustaining, and enhancing outstanding performance.

  • 3- The research revealed that the correlation between organizational cybersecurity and organizational immunity was strong and statistically significant in the General Directorate of Educational Planning, confirming that digital practices directly contribute to enhancing its ability to cope with crises and difficulties in the organizational work environment.

  • 4- There is impact between organizational cybersecurity and organizational immunity. The results also show that the dimension of “absorptive capacity” has no significant Impact on organizational immunity, which reinforces the essential role of the General Directorate of Educational Planning in maintaining business continuity and minimizing the impact of cyber-attacks.

4.2 Recommendations

  • 1- The necessity for the Ministry of Education/General Directorate of Educational Planning to create cybersecurity policies and procedures that adhere to the most recent global standards for safeguarding digital infrastructure.

  • 2- Work on training employees and organizing courses for them on technology to raise awareness of cyber threats and how to deal with them, which contributes to strengthening the organizational immunity of the General Directorate of Educational Planning.

  • 3- Allocate adequate budgets to invest in cybersecurity infrastructure, including network protection devices, secure and advanced cloud solutions, and protection software to prevent any breaches that threaten its operating systems.

  • 4- The need to integrate the organizational cybersecurity policy into the strategic planning of the General Directorate of Educational Planning and consider it a key part of governance and organizational prevention, as well as establishing partnerships with institutions specializing in cybersecurity to benefit from their expertise and information.

  • 5- Conducting more future studies on organizational cybersecurity and organizational immunity in other health, industrial, and commercial institutions and comparing them with the results of the current research.

Ethical approval

The research was performed based on the ethical guidelines in the Ministry of Education Iraqi, which does not ethical require formal approval for social science studies that do not involve medical matters, personally identifiable information, or sensitive data. The Ministry does not have an Institutional Review Board for this type of research; therefore, no formal ethical approval or exemption was required, however, all ethical principles were adhered to.

Consent for participation

All participants in the research were informed of the purpose of their voluntary participation and the confidentiality of their responses, which were used for research purposes. All participants were adults and gave their informed consent verbally. The research used an anonymous questionnaire and did not collect any information that could identify them. In addition, written consent was not required for low-risk research.

Data availability statement

All research data are available under the terms of the Creative Commons Attribution 4.0 International license (CC-BY 4.0) at: https://doi.org/10.5281/zenodo.17924397.51

Extended data statement

The questionnaire used in this research is available file on the Zenodo platform at the following link: https://doi.org/10.5281/zenodo.17924397.51 And may be reused under an open and free license.

References

  • 1.  Al-Somali SA, Saqr RR, Asiri AM, et al.: Organizational Cybersecurity Systems and Sustainable Business Performance of Small and Medium Enterprises (SMEs) in Saudi Arabia: The Mediating and Moderating Role of Cybersecurity Resilience and Organizational Culture. Sustainability. 2024; 16(5): 2–25. Publisher Full Text
  • 2.  Ismail HK, Saleh SN: The role of regulatory immunity in enhancing marketing performance: A field study at Khan Bazaar Company-Dohuk. Journal of Economic Sciences. 2024; 19(74): 43–75.
  • 3.  Amin MA, Mhaibes HA: The Impact of Strategic Sensitivity on Organizational Immunity: An Analytical Research in the Iraqi Ministry of Education. Journal of Economics and Administrative Sciences. 2024; 28–45.
  • 4.  Krejcie RV, Morgan DW: Determining sample size for research activities. Educational and Psychological Measurement. 1970; 30(3): 607–610. Publisher Full Text
  • 5.  Gilbert C, Gilbert MA: Organizational and Leadership Aspects of Cybersecurity Governance. International Journal of Research Publication and Reviews. 2024; 5(12): 1174–1191.
  • 6.  Zaki H, Robbins S: The Influence of Cybersecurity on Human Resources Legal Practices and Ethical Standards.2024; 2–12. Reference Source
  • 7.  Ali B, Schaffer A: Cybersecurity Awareness in Human Resources: Bridging Theoretical Knowledge and Practical.2024; 2–14. Reference Source
  • 8.  Willie MM: The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture. Journal of Research Innovation and Technologies. 2023; 2(4): 179–198.
  • 9.  Shah MU, Farkhund I, Umair R, et al.: A comparative assessment of human factors in cybersecurity: Implications for cyber governance. IEEE Access. 2023; 1–17.
  • 10.  Mdlool AS, Mezher AA: The effect of continuous improvement in the quality of cybersecurity by mediating customer orientation. Al-Qadisiyah Journal for Administrative and Economic Sciences QJAE. 2022; 24(3): 60–79.
  • 11.  Ahene ARO, Zwilling M: The Influence of Cyber Security Implementation Strategy on Organizational Knowledge Management and Performance – A Case Study of Sinapi Aba Savings and Loans in Ghana. Digital transformation: The harmonic convergence of people, culture, process, and technology in the new normal. To Know Press; 2024; pp. 217–228.
  • 12.  Petrová K, Spatenka J, Vaclavík L: Assessment of cybersecurity in organizations: An empirical study of Czech and Slovak organizations. Journal of Eastern European and Central Asian Research. 2024; 11(3): 668–681.
  • 13.  Miah AR: Cybersecurity Training for Employees at the Organizational Level in Bangladesh.2024; 1–6. Reference Source
  • 14.  Nasiri S, Shahram S, Aynaz S, et al.: Cybersecurity in Action: Unraveling the Effects of Individual, Social, and Organizational Determinants. Tehnički glasnik. 2024; 20.1–20.10.
  • 15.  Burrell DN, Sharon LB, Calvin B, et al.: the managerial ethical and operational challenges of hospital cybersecurity. IGI Global. 2023; 444–458.
  • 16.  Saeed SD: Workplaces and Information Security Behavior of Business Employees: An Empirical Study of Saudi Arabia. Sustainability. 2023; 2–20.
  • 17.  Naqvi SG, Mughal MA, Shehzad K, et al.: Organizational environment, protection motives, adoption of machine learning, and cybersecurity behavior. Journal of Excellence in Social Sciences. 2024; 11–25.
  • 18.  Aldabjan A, Steven F, Xavier C, et al.: Cybersecurity Incident Response Readiness in Organisations. Proceedings of the 10th International Conference on Information Systems Security and Privacy (ICISSP 2024). 2024; pp. 262–269.
  • 19.  Ali H, Gasmin S: Evaluating the Impact of Cybersecurity Principles on Human Resources Laws Compliance.2024; 1–15. Reference Source
  • 20.  Waiganjo I, Osakwe J, Azeta A: Impediments to Cybersecurity Policy Implementation in Organisations: Case Study of Windhoek, Namibia. International Journal of Research and Scientific Innovation (IJRSI). 2024; 540–546.
  • 21.  Neri M, Federico N, Luigi M: Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment. Emerald Publishing Limited; 2023; pp. 2–16.
  • 22.  Waiganjo IH, Jude O, Ambrose A: The Four Processes of an Effective Cyber Security Policy.2024; 258–270. Reference Source
  • 23.  Dorairajan V: Cybersecurity and Organizational Performance-the Interplay. ARPHA Conference Abstract. 2024; pp. 1–4.
  • 24.  Olusegun J, Adeoye I, John K: Revolutionizing Cybersecurity with Artificial Intelligence: Challenges and Opportunities.2024; 1–15. Reference Source
  • 25.  Mujawar S, Gaurav G, Shanthi K, et al.: The Impact of Government Regulations on Cyber Security Policy Development. Computer Fraud and Security. 2024; 105–113.
  • 26.  Ibikunle BQ, Hassan IK, Hunga V: Government Policies and Cyber Security in Africa: The Nigerian Perspective in the Post-COVID-19. International Journal of E-Government & E-Business Research. 2023; 8: 20–30.
  • 27.  Sidani O, Taher H, Houshaimi M: The impact of the institutional absorptive capacity on public debt in aid-recipient MENA countries. Edelweiss Applied Science and Technology. 2024; 8(6): 8421–8430.
  • 28.  Jallad MN, Karadas G: Entrepreneurial Orientation and Performance Outcomes in Palestinian SMEs: The Role of Absorptive Capacity and Industry Type. Sustainability. 2024; 2–22.
  • 29.  Kim K, Seo EH, Kim CY: The Relationships between Environmental Dynamism, Absorptive Capacity, Organizational Ambidexterity, and Innovation Performance from the Dynamic Capabilities Perspective. Sustainability. 2025; 2–28.
  • 30.  Herath HMA, Mahmood R: Strategic Orientations and SME Performance: Moderating Effect of Absorptive Capacity of the Firm. Asian Social Science. 2014; 10(13): 95–107.
  • 31.  Senivongse C: Competency Profiling of Organization’s Absorptive Capacity Development. Interested in publishing with us department. 2023; 1–24.
  • 32.  Tan A: The Effect of Social Capital and Absorptive Capacity through Knowledge Management on Finance Company Performance in Indonesia.2018; 87–101.
  • 33.  Carvalho JRM, Willian VT, Enyedja KMC: Organizational Performance of a Public Higher Education Institution: An Analysis from the Perspective of Absorptive Capacity and Innovation. International Journal of Business and Management. 2022; 17(12): 101–113.
  • 34.  Ni C, Abdullah NL: Research on absorptive capacity in the green context: a bibliometric and visualization analysis. Cogent Business & Management. 2025; 12(1): 1–21.
  • 35.  Min WZ, Ling KC, Tan HP: The Effects of Technological Innovation, Organizational Innovation and Absorptive Capacity on Product Innovation: A Structural Equation Modeling Approach. Asian Social Science. 2016; 12(1): 199–222.
  • 36.  Saragih L, Ginting P, Absah Y, et al.: Enhance EcoHandloom Product Performance Through Entrepreneurial Orientation and Absorptive Capacity for Sustainable Fashion Development. SDGs Review. 2025; 5: 1–17.
  • 37.  Ali NYZ: The effect of Organizational immune systems on crisis management strategies. A Field Study on Egyptian Universities. 2024; pp. 80–119.
  • 38.  Alshawabkeha ZA: The impact of governance on strengthening organizational immunity in greater Madaba municipality: A Case Study. Management Science Letters. 2021; 1881–1892.
  • 39.  Abunaser FM, Wajeha TA, Houda AA: Understanding Academic Loyalty and Organizational Immunity in Higher Education Institutions: Faculty Perspective. Journal of Namibian Studies. 2023; 434–461.
  • 40.  Hashem T: The Role of Marketing Knowledge Sharing in Building Organizational Immunity. Proceedings of the 24th European Conference on Knowledge Management (ECKM). 2023; pp. 533–540.
  • 41.  Majeed OR, Lafta BS: The effect of organizational immunity in enhancing the strategic capabilities of the company: an applied study on the Iraqi general insurance company. International Journal of Health Sciences. 2022; 6(S6): 7016–7035.
  • 42.  Liao S: The Relationship among Knowledge Management, Organizational Learning, and Organizational Performance. International Journal of Business and Management. 2009; 64–76.
  • 43.  Issah O, Makafui RA, Obiri YH, et al.: Reverse Logistics Practices and Organizational Performance. The Moderating Role of Organizational Learning Capabilities. International Journal of Supply Chain and Logistic. 2024; 8(4): 60–84.
  • 44.  Ballenas GJ, Tidong YP, Granaderos RD, et al.: Research Culture and Organizational Learning on Professional Development of Secondary Teachers. American Journal of Educational Research. 2023; 11(9): 580–593.
  • 45.  Toulabi Z, Mehdi D, Hamid RAT: A Survey of the Relationship between Organizational Memory and Organizational Learning in Public Organizations of Kerman. International Business Review. 2013; 6(1): 90–96.
  • 46.  Hamad AS, Amin SEM: The role of ethical leadership behaviors in enhancing organizational immunity: An analytical study of the opinions of a sample of managers of government banks in the city of Erbil. Tikrit Journal of Administrative and Economic Sciences. 2023; 19(64): 233–255.
  • 47.  Hadger D, Amina M: The use of organizational DNA in discriminating innovative organizations (case study of private Algerian enterprises). Journal of Contemporary Business and Economic Studies. 2023; 6(2): 246–260.
  • 48.  Nafei W: The Role of Organizational DNA in Improving Organizational Performance: A Study on the Industrial Companies in Egypt. International Business Review. 2015; 8(1): 117–131.
  • 49.  Nawahda NSM, Al-Sarayrah AAM: Effectiveness of Organizational DNA in achieving pioneering performance through the Quality of Work life in Jordanian Commercial Banks. Journal of Positive School Psychology. 2022; 6(3): 9784–9798.
  • 50.  Kankwende P: Cybersecurity in the modern age: Protecting digital assets. International Journal of Scientific Engineering and Research. 2024; 1–14.
  • 51.  Alrubaye LRK, Qammach NIJ: Questionnaire and Data for Organizational cybersecurity and its impact on organizational immunity. An analytical study at the Ministry of Education Iraq.General Directorate of Educational Planning. [Data set]. Zenodo. 2025. Publisher Full Text

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 29 Jan 2026
Comment
Author details Author details
Competing interests
Grant information
Article Versions (1)
Copyright
Download
 
Export To
metrics
Views Downloads
F1000Research - -
PubMed Central
Data from PMC are received and updated monthly.
 - -
Citations
SEE MORE DETAILS
CITE
how to cite this article
Alrubaye LRk and Nada Ismaeel Jabbouri Q. Organizational cybersecurity and its impact on organizational immunity-An analytical study at the Ministry of Education Iraq/ General Directorate of Educational Planning [version 1; peer review: awaiting peer review]. F1000Research 2026, 15:141 (https://doi.org/10.12688/f1000research.175125.1)
NOTE: If applicable, it is important to ensure the information in square brackets after the title is included in all citations of this article.
track
receive updates on this article
Track an article to receive email alerts on any updates to this article.

Open Peer Review

Current Reviewer Status:
AWAITING PEER REVIEW
AWAITING PEER REVIEW
?
Key to Reviewer Statuses VIEW
ApprovedThe paper is scientifically sound in its current form and only minor, if any, improvements are suggested
Approved with reservations A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
Not approvedFundamental flaws in the paper seriously undermine the findings and conclusions

Comments on this article Comments (0)

Version 1
VERSION 1 PUBLISHED 29 Jan 2026
Comment

Open Peer Review

Reviewer Status

AWAITING PEER REVIEW

Comments on this article

All Comments(0)

Add a comment
Sign up for content alerts

Browse by related subjects

    Alongside their report, reviewers assign a status to the article:
    Approved - the paper is scientifically sound in its current form and only minor, if any, improvements are suggested
    Approved with reservations - A number of small changes, sometimes more significant revisions are required to address specific details and improve the papers academic merit.
    Not approved - fundamental flaws in the paper seriously undermine the findings and conclusions
    Sign In
    If you've forgotten your password, please enter your email address below and we'll send you instructions on how to reset your password.

    The email address should be the one you originally registered with F1000.
    Email address not valid, please try again

    You registered with F1000 via Google, so we cannot reset your password.

    To sign in, please click here.

    If you still need help with your Google account password, please click here.

    You registered with F1000 via Facebook, so we cannot reset your password.

    To sign in, please click here.

    If you still need help with your Facebook account password, please click here.

    Code not correct, please try again
    Email us for further assistance.
    Server error, please try again.