F1000ResearchF1000Research2046-1402F1000 Research LimitedLondon, UK10.12688/f1000research.175125.1Research ArticleArticlesOrganizational cybersecurity and its impact on organizational immunity-An analytical study at the Ministry of Education Iraq/ General Directorate of Educational Planning
[version 1; peer review: 1 approved with reservations]
AlrubayeLuay Radhi KhaleefahConceptualizationFormal AnalysisInvestigationMethodologyProject AdministrationVisualizationWriting – Original Draft Preparationhttps://orcid.org/0009-0003-7097-2112a1Nada Ismaeel JabbouriQammachResourcesSupervisionValidationWriting – Review & Editing2
General Directorate of Administrative Affairs, Ministry of Education, Baghdad, Baghdad, Iraq
University of Baghdad Al-Waziriya Campus College of Administration and Economy, Baghdad, Baghdad Governorate, IraqDrloayalrubaie@gmail.com
This research addressed organizational cybersecurity, which has emerged as a critical element in the digital age and has become a strategic issue for organizations working to protect user assets against security risks in the cyber environment. And Organizational immunity includes the policies and procedures adopted by an organization to protect its core values and correct performance deviations. The research purpose on studying the impact of organizational cybersecurity on organizational immunity at the Iraqi Ministry of Education/General Directorate of Educational Planning. There is a need to study this relationship to better understand how organizations can strengthen their capabilities in an advanced digital environment.
Methods
The research adopted a descriptive analytical approach, whereby 95 questionnaires were distributed and data was collected from 85 respondents, ready for statistical analysis. The data was analyzed using statistical tools (SPSS V.28&smartpls4) to verify the scale and analyze the relationships between variables.
Results
indicate that the level of organizational cybersecurity implementation was first in relative importance, while organizational immunity came in second, and there is an impact relationship between organizational cybersecurity and organizational immunity, which reinforces the fundamental role of the General Directorate of Educational Planning in maintaining business continuity and limiting the impact of cyberattacks.
Conclusion
The research concludes that organizational cybersecurity plays an important role in enhancing organizational immunity, as the application of cybersecurity tools would enhance the role of the General Directorate of Educational Planning and its ability to withstand cyber threats, strengthen digital measures, improve protection, and ensure business continuity in the digital environment.
Organizational cybersecurityOrganizational immunityGeneral Directorate of Educational PlanningThe author(s) declared that no grants were involved in supporting this work.1. Introduction
With the acceleration of the pace of technological development of information and the era of digitization of organizations and the transfer of many commercial and daily activities around the world via the Internet, the importance of cybersecurity has increased, as it has become an essential pillar to protect critical infrastructures and sensitive data, especially with the continuous spread of information breaches in both governmental and private institutions as well as the damage and sophisticated threats resulting from this in the cyber landscape, which requires institutions at different levels to develop strategies to mitigate threats, so it is necessary for institutions to build a model of cybersecurity culture to educate the From the above, A review of previous studies showed that most of them focused on the purely technical aspect of cybersecurity and rarely addressed the organizational aspect. Therefore, there is a need to fill the research gap by addressing the relationship between organizational cybersecurity and organizational immunity in government organizations, particularly in the education sector, through conducting an analytical study in the General Directorate of Educational Planning, which was chosen because it is a vital directorate in the Ministry of Education that relies on information systems used in administration, planning, and communications, which makes it vulnerable to cyber threats. In addition, it was found that there was no study that addressed the research variables in the Directorate of Educational Planning, which gives the research scientific, practical, and cognitive value.
The research was divided into several axes, as the first axis dealt with the methodological framework of the research, while the second axis reviewed the theoretical framework of organizational cybersecurity and organizational immunity, and the third axis focused on analyzing data and testing research hypotheses to reach results that clarify the impact of cybersecurity on organizational immunity in the Directorate of Educational Planning, and the research concluded by presenting the conclusions and recommendations of the research.
2. Research methodology2.1 Research problem
The diversity of digital systems and technological applications, as well as the use of artificial intelligence systems and advanced technologies in strategic decision-making, has posed a technological challenge for the General Directorate of Educational Planning to keep pace with these developments, in addition to its increasing needs to address security challenges that threaten the integrity of the Directorate’s data and information infrastructure. Therefore, the research problem emerged from the limited awareness and application of organizational cybersecurity technologies and their role in strengthening the organization’s immunity.
The main purpose of the research is to explain organizational cybersecurity and its impact on organizational immunity in the General Directorate of Educational Planning.
This might be accomplished by answering the subsequent inquiries:-
What is the status of organizational cybersecurity and the implementation of organizational immunity in the General Directorate of Educational Planning?
What is the level of impact of organizational cybersecurity on achieving organizational immunity?
2.2 Research importance
The importance lies in the following points:-
Its importance is highlighted by presenting a new model that takes into account the nature of the relationship between organizational cybersecurity and organizational immunity for the purpose of bridging the knowledge gap, with the aim of improving sustainable performance in government institutions, which in turn is reflected in their services.
The research contributes to enriching the scientific literature in the field of organizational cybersecurity and organizational immunity.
It benefits from the nature of the relationship between the research variables in providing decision-makers at the General Directorate of Educational Planning with actionable recommendations to raise the level of cybersecurity protection, reduce it, and address weaknesses in the cyber infrastructure.
2.3 Research objectives
The current research seeks to achieve the following:-
Measure the level of organizational cybersecurity and organizational immunity in the General Directorate of Educational Planning.
Analyze and test the statistical correlation between organizational cybersecurity and organizational immunity based on the specified indicators.
Presenting a set of practical findings and recommendations to enhance the level of organizational cybersecurity and immunity within the General Directorate of Educational Planning.
2.4 Research model
The research design reflects the research problem, objectives, and significance by revealing the relationship between two variables:
Organizational cybersecurity as an independent variable and organizational immunity as a dependent variable, as shown in
Figure 1.
Research conceptual model.
2.5 Research hypotheses
Ho.1: There is no significant impact of organizational cybersecurity on organizational immunity: -
Ho1.1: The first sub-hypothesis: There is no significant impact of training and organizational policies in organizational immunity.
Ho1.2: Second sub-hypothesis: There is no statistically significant impact of organizational effectiveness and government policies in organizational immunity.
Ho1.3: The third sub-hypothesis: There is no significant impact of the dimension of absorptive capacity in organizational immunity.
Ho.2: Second hypothesis: There is no significant Impact Organizational cybersecurity together in organizational immunity.
2.6 Research methodology and measurement
The research adopted a descriptive analytical approach and used a questionnaire as a data collection tool, which included 24 items reflecting the research variables (organizational cybersecurity and organizational immunity). In addition, it adopted measures from recent Arab and foreign sources, using a five-point Likert scale (strongly agree, agree, somewhat agree, disagree, strongly disagree).
Table 1 illustrates Research terms and scale.
Research terms and scale.
Variables and dimensions of the study
Code
The number of questions
Scale source
Training and organizational policies
TAO
4
[
1]
Organizational effectiveness and government policies
OEAGP
4
Absorptive capacity
AC
4
Organizational cybersecurity
OC
12
Organizational learning
OL
4
[
2]
[
3]
Organizational memory
OM
4
Regulatory genes
RG
4
Organizational immunity
OI
12
Prepared by researchers.
2.7 Research community and sample
The Ministry of Education/General Directorate of Educational Planning was selected as the field of application, and the research sample was a purposive stratified sample of directors and officials in the directorate. The statistical table Krejcie&Morgan
4 was used to determine the sample size, as a simple random sampling method was adopted with a distribution of 95 questionnaires. Eighty-five questionnaires were valid for statistical analysis, representing 89% of the distributed questionnaires, which is a high and statistically acceptable percentage.
2.8 Assessing the quality of measures
Organizational Cybersecurity Model
Figure 2 shows the questions of the dimensions of the organizational cybersecurity model, which consisted of three main dimensions (training and organizational policies, organizational effectiveness and governmental policies, and absorptive capacity). With a total of (12) questions, the table also showed the composite stability values (CR) for the dimensions of the organizational cybersecurity variable (0.898, 0.826, 0.831), which are within statistically acceptable limits (> 0.70), which indicates a high level of stability and confirms the quality of the scale, and the results showed that Cronbach’s alpha coefficient for the dimensions of the variable amounted to (0.833, 0.836, 0.896). (0.836, 0.896), which is higher than the accepted normative value (0.70), reflecting high internal consistency between paragraphs, in addition, the values of the average variance of the extract (AVE) for the organizational cybersecurity variable came within the acceptable range, reaching (0.564, 0.552, 0.690), exceeding the required minimum threshold (0.50). The results indicate that the sub-dimensions contribute significantly to explaining the total variance of the variable, which enhances the reliability of the model and its ability to explain the relationships between its components.
Table 2 shows the values of the estimates of the organizational cybersecurity model, where they ranged between (0.659-0.890), indicating that all paragraphs have a significant Impact on the dimensions of the model. The results of the (t) test also showed that the values ranged between (5.658-9.887), all of which are greater than the tabular value of (t) of (1.984) at the significance level (0.05). This reflects the high statistical reliability of the items and sufficient support for adopting the finalized model in subsequent statistical analysis.
Organizational immunity
As can be seen in
Figure 3 which presents the questions of the dimensions of the organizational immunity model, namely (organizational learning, organizational memory, regulatory genes), with a total of (12) questions, and as shown in
Table 3 the values of the composite stability coefficient (CR) for the dimensions of the organizational immunity variable (0.888, 0.890, 0.867), which are within the acceptable limits (> 0. 70). The results also showed that the values of Cronbach’s alpha coefficient for the same dimensions were (0.883, 0.892, 0.868), which also exceeds the accepted normative value (0.70), and indicates the existence of internal consistency between paragraphs, and the values of the average variance extracted (AVE) came within acceptable limits, amounting to (0.660, 0.670, 0.610), exceeding the required minimum threshold (0.50). These findings show that the sub-dimensions have a major role in understanding the organizational immunity variable’s overall variation as well as the model’s dependability and ability to effectively describe the relationships between its dimensions.
Table 3 showed the values of the estimates for the paragraphs of the organizational immunity model, which ranged between (0.691-0.913), indicating that all paragraphs have a significant Impact within the model. The (t) values, which ranged from (6.589-9.922), were all greater than the tabular value of (t) of (1.984) at a significance level of (0.05), which is a sufficient indicator for adopting the model in its final formulation in subsequent statistical analysis.
Organizational cybersecurity model.
Estimates for the dimensions of the organizational cybersecurity variable.
Questions
Estimate
T values
P values
Cronbach's alpha)
Composite reliability
(AVE)
AC1 <- AC
0.689
n/a
n/a
0.833
0.831
0.564
AC2 <- AC
0.730
6.150
0.000
AC3 <- AC
0.886
7.211
0.000
AC4 <- AC
0.680
5.658
0.000
OEAGP1 <- OEAGP
0.753
n/a
n/a
0.836
0.826
0.552
OEAGP2 <- OEAGP
0.769
7.054
0.000
OEAGP3 <- OEAGP
0.659
5.962
0.000
OEAGP4 <- OEAGP
0.785
7.163
0.000
TAO1 <- TAO
0.822
n/a
n/a
0.896
0.898
0.690
TAO2 <- TAO
0.808
8.579
0.000
TAO3 <- TAO
0.890
9.887
0.000
TAO4 <- TAO
0.799
8.381
0.000
Source: Smart Pls.4.
Organizational immunity model.
Estimates for the dimension of the organizational immunity variable.
Questions
Estimate
T values
P values
Cronbach's alpha)
Composite reliability
(AVE)
OL1 <- OL
0.778
n/a
n/a
0.883
0.888
0.660
OL2 <- OL
0.847
8.792
0.000
OL3 <- OL
0.696
6.761
0.000
OL4 <- OL
0.913
9.537
0.000
OM1 <- OM
0.776
n/a
n/a
0.892
0.890
0.670
OM2 <- OM
0.835
8.586
0.000
OM3 <- OM
0.796
8.061
0.000
OM4 <- OM
0.865
8.912
0.000
RG1 <- RG
0.820
n/a
n/a
0.868
0.867
0.610
RG2 <- RG
0.884
9.922
0.000
RG3 <- RG
0.713
6.941
0.000
RG4 <- RG
0.691
6.589
0.000
Source: Smart Pls.4.
2.9 Statistical methods of research
A set of statistical methods was adopted to provide statistical analysis of the research results and test its hypotheses. These methods included (confirmatory factor analysis, arithmetic mean, and standard deviation, coefficient of variation, relative importance, correlation coefficient, and linear regression analysis).
3. Theoretical framework3.1 Concept of organizational cybersecurity
The phrase cybersecurity refers to a broader range of procedures and guidelines that shield computer networks and systems from threats and incursions of any kind in cyberspace.
1 Cybersecurity is a very critical business challenge in the digital era and establishes effective policies for organizations to protect their assets and comply with regulatory mandates to enhance stakeholder confidence.
5 Cybersecurity is also a critical element of an organization’s management that affects organizational strategies in a comprehensive ways.
6 Integrating cybersecurity principles into organizational practices (OPs) improves organizational resilience by embedding security determinants into daily operations, and resource management empowers employees by prioritizing cybersecurity in their professional responsibilities.
7 Additionally, studies reveal that a cybersecurity culture dramatically lowers the probability of successful cyberattacks. Employees who believe that cybersecurity is a significant part of the company culture are more likely to follow security procedures and feel more accountable for safeguarding the company’s resources.
8
Cybersecurity is also known as the prevention of cybercrime, as the awareness of information security is playing a key role in preventing cybercrime.
9 The concept of organizational cybersecurity may be defined as protecting computer systems from theft or corruption of their hardware, software or databases from disrupting the operations and services provided by the organization to the community.
10 It is also known to be an external variable that may take into account directives that protect information technology and computer systems for the purpose of forcing companies to protect their systems and information from cyber threats and data breaches.
11 According to Petrova et al.,Cyber security and information security are strongly related and overlap in some respects, but they are not the same, as information security is generally focusing on the protection of information and cyber security is one of its components, while cyber security focuses specifically on protecting information in cyberspace.
12
3.2 Dimensions of organizational cybersecurity
When reviewing the literature related to the topic of organizational cybersecurity.
It was noted that there was a lack of clear guidance from researchers explaining the dimensions of this term. Therefore, we will rely on the dimensions identified by a study
1:-
Cybersecurity training and organizational policies
Cybersecurity training is an indispensable aspect for employees, as it helps to ensure the security of the organization.
13 Organizations need cybersecurity training and Awareness with a focus on teaching employees to act according to certain IT security principles and objectives.
14 Cybersecurity awareness training includes implementing regular training sessions to teach employees about the latest cybersecurity threats, best practices, and the organization’s policies and procedures.
15 Fostering a culture of knowledge sharing among employees coupled with training can improve organizational resilience against security vulnerabilities.
16 Good security-related policies promote a more cohesive and standardized approach to cybersecurity within organizations.
17 It is essential for HR departments to include training as an essential part of employee onboarding in order to ensure an adequate level of competence in dealing with threats and incidents.
18 Regular training sessions and awareness programs enable employees to recognize potential threats, adhere to security policies, and adopt safe behaviors in their daily work routine.
19
In addition, policies in the field of cybersecurity constitute a set of legislation, programs and procedures formulated by a governing body within the organization, and these policies serve as regulatory frameworks that define protocols and standards to be followed to protect information and physical assets from potential threats, and policies are necessary to strengthen cyber defenses and mitigate vulnerabilities and potential attacks in the digital domain.
20 A cybersecurity policy has a positive impact on employees’ beliefs and behavior directed towards cybersecurity.
21 Developing a comprehensive cybersecurity policy is a strategic answer to protect organizational data and information, and it establishes a framework for employees to follow security measures and enforce compliance with cybersecurity standards.
22
Organizational Effectiveness and Government Policies
In the age of rapid digitization of organizations, cybersecurity has emerged as an integral part of organizational safety and effectiveness, which includes not only maintaining the confidentiality, integrity, and availability of digital assets but also establishing an organizational cybersecurity culture and thus human behavior.
23 Cybersecurity has become an essential pillar for protecting infrastructure, sensitive data, and individual privacy.
24
The capacity of organizations to deal with cybersecurity can be enhanced by complying with standards, laws, and government regulations that can enhance an organization’s ability to defend against cyberattacks.
18 The governments around the world have also recognized the need for formal regulations to protect sensitive data and critical infrastructure.
25 Government policy is the result of a set of activities that operate within an environment where government policy makers determine what to do and what not to do, and addressing issues related to cybercrime and threats is a priority for every government.
26
Absorptive Capacity
The theory of absorptive capacity was developed by Cohen and Levinthal (1990) to explain the structural readiness and ability of organizations to engage in new ideas and recognize the value of improvements and innovation.
27 According to Cohen, an organization’s ability to stay competitive in quickly changing industries depends on its ability to absorb and acquire new knowledge. Businesses with high absorptive capacity are also better equipped to comprehend and react to environmental issues and changes in the market and environment, which makes their operations flexible and sustainable.
28 Absorptive capacity supports an organization’s development of learning. Companies that excel in absorptive capacity create an environment where continuous learning and knowledge sharing are embedded in the organizational culture.
29 Cohen and Leventhal define the term “absorptive capacity” as an organization’s capacity to gather, assimilate, and apply fresh outside information to give the business a competitive edge
30–
32 and Zahra and George (2002) defined it as a set of routine organizational procedures and processes through which organizations acquire, absorb, transform and apply knowledge to produce dynamic organizational capacity.
33,
34 Kim defined it as the ability to learn and solve problems.
35 It also refers to an organization’s ability to absorb, learn, integrate and assimilate external knowledge within the organizational context.
36
3.3 Organizational immunity
Dejos (1997) was the first to introduce the term organizational immunity systems in the business management literature, as he mentioned it in a narrow context in which he discussed the concept of organizational culture, calling for the need to deal with organizations as a living organism that can adapt and interact with the surrounding environment and overcome its threats so that it can survive.
37 Management scholars also use this medical term in organizations because the organization is similar to a living organism, and it has been defined as a social entity whose main purpose is to form a defensive system for the organization to face the risks that may threaten its survival or affect its work.
38 The immune system in organizations is considered a vital device that works to counter any harmful influences that try to create negative influences and disturbances that lead to the deviation of the organization’s path from its desired goals.
39 Organizational immunity is defined as the ability to protect and defend itself, either by preventing or overcoming weaknesses and threats or by removing them, avoiding them, preventing their growth or stopping their effects.
40 It may also be described as an integrated work system that seeks to utilize the resources at hand in order to preserve the organization’s stability and safeguard it against dangers.
2 It Refers Majeed & Lafta a collection of regulations, guidelines, and policies that rely on a collection of people and procedures to create a wall that keeps the company from straying from the course necessary to accomplish its objectives, regardless of whether the departure is due to internal or external factors.
41
3.4 Dimensions of organizational immunity
The dimensions of organizational immunity were determined according to the study Refs.
2 &
3:-
1- Organizational learning: It is a multidimensional latent construct that includes managerial commitment, systems perspective, openness, experimentation, knowledge transfer and integration.
42 It refers to the organizational capacity to learn the attributes, practices and issues within the organization that facilitate learning processes, including generating, acquiring, disseminating and integrating knowledge and modifying behaviors to reflect new cognitive insights to improve performance.
43 Organizational learning refers to the process by which an organization or group of professionals collectively acquire, share, and apply knowledge to improve its performance and adapt to changing circumstances.
44
2- Organizational memory: It is the means by which knowledge from the past is brought into current organizational activities and provides the knowledge needed to perform the current functions of the organization.
45 It is an appropriate metaphor that can be used to define the knowledge and information that an organization possesses and the processes it uses to store and retrieve it when needed.
3 It is defined as the process by which data or information that is stored is processed through various mechanisms related to this process.
46
3- Regulatory genes: is a modern management technique that analyzes the internal characteristics of organizations based on the principle that every organization is like a living organism, with genetic traits that distinguish it from other organizations. The term “organizational DNA” was coined by Booz Hamilton, which sought to provide organizations with an easy and accessible way to identify and address the problems and difficulties that hinder and affect their success.
47 Organizational DNA has an effective role in defining organizations and leading management functions such as decisions, organizational structure, teamwork and communication.
48 Organizational DNA is regarded as one of the most important aspects of management since it influences employee behavior and, consequently, the organization’s performance. It also helps to identify the organization’s strengths and weaknesses, forecast employee behavior and performance, and develop work expectations that inform institutional and individual decisions and ensure the organization’s sustainability.
49
3.5 The relationship between organizational cybersecurity and organizational immunity
Effective cybersecurity management enhances business operations and enables companies to turn cybersecurity into a competitive advantage by adopting proactive cybersecurity measures that not only protect assets but also assure business partners and customers of the company’s commitment to security. This can lead to smoother business transactions and partnerships and enhance trust across business networks.
23 The importance of cybersecurity has been highlighted by the increasing frequency and severity of cyberattacks, especially since the financial impact of these breaches is significant, with costs extending beyond immediate damages to include long-term effects such as loss of business, legal fees, and regulatory fines.
50 In addition, the role of organizational cybersecurity is not limited to protecting information systems, but also enhances their ability to adapt and withstand risks, thereby strengthening the organization’s immunity. Ali, points out that the organizational immune system consists of people, policies, procedures, processes, culture, and modern and sophisticated systems and mechanisms that act as a strong barrier to counter external threats and address weaknesses within the organization, through which the organization maintains its integrity in an environment fraught with potential consequences.
37
From the above, organizational cybersecurity provides a line of defense that reduces information leaks and impacts on operational processes; thereby creating an environment that is responsive to potential risks and promotes a culture of organizational immunity. On the other hand, organizational immunity increases the efficiency of organizational cybersecurity by providing a flexible management framework to accommodate technological developments and continuously update them. Thus, the relationship between the two is complementary, organizational cybersecurity enhances the organization’s ability to face risks and threats, and organizational immunity provides the necessary administrative support through planning and continuous improvement, thereby reducing operational losses and increasing the organization’s efficiency.
4. Materials and method
The study reviews the statistical analysis data to describe the research variables as follows:-
4.1 Descriptive analysis of research variables
Descriptive analysis and interpretation of the sample respondents’ answers to the organizational cybersecurity and organizational immunity statements are presented in this study as follows:-
Descriptive analysis of Organizational Cybersecurity:-
Table 4 indicates and
Figure 4 the results of a descriptive analysis of the dimensions of organizational cybersecurity, as the arithmetic mean of the dimension of training and organizational policies (3.365) with standard deviation (0.931) and a coefficient of variation (27.67%),which indicates relative stability in the responses of the sample towards this dimension, ranking third in relative importance, This dimension needs to be developed along with clear and strengthened training policies, while the dimension of organizational effectiveness and government policies, recorded an arithmetic mean (3.438) and a standard deviation (0.869) and a coefficient of variation (25.29%), ranking second in relative importance. While the absorptive capacity dimension recorded a mean of (3.397), standard deviation (0.838) and coefficient of variation (24.68%), ranking first among the dimensions in terms of relative importance. The organizational cybersecurity dimension achieved the highest level of stability in the sample responses with an arithmetic mean of (3.400), standard deviation (0.795) and coefficient of variation (23.40%), ranking first among the dimensions by relative importance which reflects a high perception of the importance of this dimension.
Descriptive analysis of Organizational immunity
Table 4 shows and
Figure 5 the descriptive results of the dimensions of the organizational immunity variable, as the organizational learning dimension came with an arithmetic mean of (3.238), standard deviation (0.948) and coefficient of variation (29.27%), ranking third in relative importance, which reflects a relatively moderate response by the sample towards this dimension. Therefore, the Directorate should enhance institutional learning and continuous professional development programs. while the organizational memory dimension recorded an arithmetic mean of (3.306), standard deviation (0.955) and coefficient of variation (28.88%), ranking second in relative importance, indicating an advanced perception of the importance of this dimension, while the dimension of regulatory genes achieved the highest arithmetic mean of (3.462) with standard deviation (0.864) and coefficient of variation (24.95%). This indicates a higher stability of the sample’s responses, which qualified it to occupy the first place in relative importance, This means that the directorate has a work culture and values regarding employee behavior., and considering the organizational immunity variable as a whole, it recorded an arithmetic mean of (3.335), standard deviation (0.861) and coefficient of variation (25.82%), ranking second in the overall ranking of the studied dimensions, an indicator of the sample’s advanced awareness of the importance of this variable in the organizational work environment.
Descriptive statistics for research variables and dimensions.
Dimensions of research variables
Mean
deviation
Coefficient of variation
Relative importance
Organizational Training and Policy
3.365
0.931
27.67
3
Organizational Effectiveness and Government Policy
3.438
0.869
25.29
2
Absorptive Capacity
3.397
0.838
24.68
1
Organizational Cybersecurity
3.400
0.795
23.40
first
Organizational Learning
3.238
0.948
29.27
3
Organizational Memory
3.306
0.955
28.88
2
Regulatory Genes
3.462
0.864
24.95
1
Organizational Immunity
3.335
0.861
25.82
second
Source: SPSS V.28
.
Shows the descriptive statistics for the dimensions of the organizational cybersecurity variable.
Shows the descriptive statistics for the dimensions of the organizational immunity variable.
4.2 Testing the hypotheses of the research
The study presents the findings from the statistical examination of the research hypotheses in the following manner:-
Testing the first main hypothesis:
(There is no a Significant Impact of Organizational Cybersecurity on Organizational Immunity).
Table 5 shows and
Figure 6 that the relationship between organizational cybersecurity and organizational immunity was strong and statistically significant, as the correlation coefficient (R) between them reached (0.886), This means that increased organizational cybersecurity is linked to increased immunity within the directorate, which is a high value indicating a strong positive correlation between the two variables, and the value of the coefficient of determination (R
2) of (0.785) showed that organizational cybersecurity explains 78.5% of the total variance in organizational immunity, This indicates that organizational cybersecurity is not merely a preventive or technical measure, but rather a crucial element in enhancing the capabilities of the General Directorate of Educational Planning, in addition, the adjusted (R
2 Adj) value amounted to (0.782), which reflects the stability of the model when generalizing the results to the statistical community, while the (F) test recorded a value of (303.081), which is significantly greater than the tabular value of (F) at the significance level (0.05), with a significant value (Sig = 0.000), which indicates the significance of the model as a whole, the results also showed that the calculated (t) value for the organizational cybersecurity variable was (17.409), which is greater than the tabular value of (t) of (1.984) at the level of significance. level (0.05), and the value of the regression coefficient (β) indicates that increasing organizational cybersecurity by one unit leads to an increase in organizational immunity by (95%), reflecting a strong and direct impact of the independent variable on the dependent variable.
Examining the sub-hypotheses of the organizational cybersecurity dimensions in relation to organizational immunity, as indicated by
Table 6:-
The
Table 7 showed the results of the regression analysis between the dimensions of organizational cybersecurity in the organizational immunity variable, where the results revealed that there are significant and statistically significant impact for all dimensions.
Impact analysis between organizational cybersecurity on organizational immunity.
Independent variable
(t)
R
(R
2)
(R
2) Adj
(F)
Sig
Dependent variable
organizational cybersecurity
(α)
0.074
0.387
0.886
0.785
0.782
303.081
0.000
organizational immunity
(β)
0.950
17.409
Source: SPSS V.28.
Impact analysis between organizational cybersecurity on organizational immunity.
Sub-hypotheses of the Impact between the dimensions of organizational cybersecurity on organizational immunity.
Hypothesis code
Hypothesis
Decision
H11
There is a significant impact of the training dimension and organizational policies on organizational immunity
The alternative hypothesis is proven
H12
There is a significant impact of the dimension of organizational effectiveness and government policies on organizational immunity
The alternative hypothesis is proven
H13
There is a significant impact of the absorptive capacity dimension on organizational immunity
The alternative hypothesis is proven
Number of accepted null hypotheses
0
Number of alternative hypotheses accepted
3
Source: SPSS V.28.
Influence analysis between organizational cybersecurity dimensions on organizational immunity.
Dimensions of Organizational Cybersecurity
t
R
R
2
Adj
(R
2)
F
sig
Organizational immunity
Training and organizational policies
α
0.878
4.039
0.790
0.624
0.619
137.649
0.000
B
0.730
11.732
Organizational effectiveness and government policies
α
0.714
2.902
0.770
0.593
0.588
120.741
0.000
B
0.762
10.988
Absorptive capacity
α
0.382
1.818
0.847
0.717
0.713
209.883
0.000
B
0.869
14.487
Source: SPSS V.28.
4.3 Testing the second main hypothesis
(There is no a significant impact of organizational cybersecurity on organizational immunity)
Table 8 and
Figure 7 indicate the results of the impact analysis between the dimensions of organizational cybersecurity on organizational immunity, as the extracted F value achieved a value of (110.021) indicating that there is a significant impact between organizational cybersecurity on organizational immunity, This indicates the acceptance of the alternative hypothesis (there is a significant impact of organizational cybersecurity on organizational immunity),According to the R2 value (Adj) shows that the dimensions of organizational cybersecurity together were able to explain 79% of the changes in organizational immunity, The extracted (t) value of (3.037, 2.773, and 6.777), respectively, is greater than the tabulated (t) value of (1.984) and indicates that the impact of the parameter (β) for the dimensions (training and organizational policies, organizational effectiveness and government policies, absorptive capacity), is real as increasing the impact by one unit will increase organizational immunity by (23%, 22%, and 52%) respectively, As for the impact of the absorptive capacity dimension, the results showed that it has no significant impact on organizational immunity.
Impact analysis of the combined organizational cybersecurity dimensions on organizational immunity.
Dimensions of Organizational Cybersecurity
(α)
(β)
(t)
Sig.
(R) multiple
(R
2)
(R
2) Adj
(F)
Sig.
Tolerance
VIF
Training and organizational policies
0.010
0.234
3.037
0.003
0.896
0.803
0.796
110.021
0.000
0.350
2.861
Organizational effectiveness and government policies
(t)
0.221
2.773
0.007
0.375
2.664
absorptive capacity
.055
.5230
6.777
.0000
0.431
2.320
(F) tabular
2.70
(t) tabular
1.984
Number of accepted dimensions (Influential) = 3
Number of unacceptable (Non-influential) dimensions =0
Source: SPSS V.28.
Impact analysis of the combined organizational cybersecurity dimensions on organizational immunity.
As evidenced by the results of the multicollinearity test between organizational cybersecurity dimensions, the Tolerance values ranged between (0.350-0.431),They are all higher than the minimum acceptable threshold of (0.10), indicating that there is no serious issue of multicollinearity. As for the VIF values, they ranged between (2.320-2.861), which are all much lower than the recommended upper limit of (5), which reinforces the previous result and confirms that there is no issue of multicollinearity between the independent variables in the model.
In reviewing the research results, it was found that the organizational cybersecurity variable plays an important role in enhancing the organization’s immunity, especially in the work environment of the General Directorate of Educational Planning, as the high level of employee awareness will contribute to reducing cyber risks and threats and enhance business continuity and maintain the reliability of the Directorate’s systems and data. The results also showed that organizational cybersecurity has a significant impact on organizational immunity, rejecting the null hypothesis and accepting the first alternative hypothesis, as well as accepting the second alternative hypothesis that there is a significant impact between organizational cybersecurity and organizational immunity.
Therefore, the Directorate of Educational Planning must pay attention to the results, considering that organizational cybersecurity is an important technical element that contributes to building sustainable organizational immunity capable of responding efficiently to crises and threats.
4. Conclusions and Recommendations4.1 Conclusions
According to statistical data, the organizational cybersecurity variable’s dimensions had high stability coefficient values, and the organizational immunity scale’s dimensions also demonstrated stability, indicating the scale’s quality. As a result, the model is thought to be more trustworthy when describing how organizational immunity and cybersecurity are related.
When the organizational cybersecurity variable was descriptively analyzed, the mean result was (3.400) and came in first place in terms of relative importance, in terms of relative importance, while the organizational immunity variable achieved a mean of 3.335, ranking second in terms of relative importance, which indicates that there is good awareness and interest in the importance of these variables in improving, sustaining, and enhancing outstanding performance.
The research revealed that the correlation between organizational cybersecurity and organizational immunity was strong and statistically significant in the General Directorate of Educational Planning, confirming that digital practices directly contribute to enhancing its ability to cope with crises and difficulties in the organizational work environment.
There is impact between organizational cybersecurity and organizational immunity. The results also show that the dimension of “absorptive capacity” has no significant Impact on organizational immunity, which reinforces the essential role of the General Directorate of Educational Planning in maintaining business continuity and minimizing the impact of cyber-attacks.
4.2 Recommendations
The necessity for the Ministry of Education/General Directorate of Educational Planning to create cybersecurity policies and procedures that adhere to the most recent global standards for safeguarding digital infrastructure.
Work on training employees and organizing courses for them on technology to raise awareness of cyber threats and how to deal with them, which contributes to strengthening the organizational immunity of the General Directorate of Educational Planning.
Allocate adequate budgets to invest in cybersecurity infrastructure, including network protection devices, secure and advanced cloud solutions, and protection software to prevent any breaches that threaten its operating systems.
The need to integrate the organizational cybersecurity policy into the strategic planning of the General Directorate of Educational Planning and consider it a key part of governance and organizational prevention, as well as establishing partnerships with institutions specializing in cybersecurity to benefit from their expertise and information.
Conducting more future studies on organizational cybersecurity and organizational immunity in other health, industrial, and commercial institutions and comparing them with the results of the current research.
Ethical approval
The research was performed based on the ethical guidelines in the Ministry of Education Iraqi, which does not ethical require formal approval for social science studies that do not involve medical matters, personally identifiable information, or sensitive data. The Ministry does not have an Institutional Review Board for this type of research; therefore, no formal ethical approval or exemption was required, however, all ethical principles were adhered to.
Consent for participation
All participants in the research were informed of the purpose of their voluntary participation and the confidentiality of their responses, which were used for research purposes. All participants were adults and gave their informed consent verbally. The research used an anonymous questionnaire and did not collect any information that could identify them. In addition, written consent was not required for low-risk research.
Data availability statement
All research data are available under the terms of the
Creative Commons Attribution 4.0 International license (CC-BY 4.0) at:
https://doi.org/10.5281/zenodo.17924397.
51
Extended data statement
The questionnaire used in this research is available file on the Zenodo platform at the following link:
https://doi.org/10.5281/zenodo.17924397.
51 And may be reused under an open and free license.
ReferencesAl-SomaliSASaqrRRAsiriAM:
Organizational Cybersecurity Systems and Sustainable Business Performance of Small and Medium Enterprises (SMEs) in Saudi Arabia: The Mediating and Moderating Role of Cybersecurity Resilience and Organizational Culture.Sustainability.2024;16(5):2–25.
10.3390/su16051880IsmailHKSalehSN:
The role of regulatory immunity in enhancing marketing performance: A field study at Khan Bazaar Company-Dohuk.Journal of Economic Sciences.2024;19(74):43–75.AminMAMhaibesHA:
The Impact of Strategic Sensitivity on Organizational Immunity: An Analytical Research in the Iraqi Ministry of Education.Journal of Economics and Administrative Sciences.2024;28–45.KrejcieRVMorganDW:
Determining sample size for research activities.Educational and Psychological Measurement.1970;30(3):607–610.
10.1177/001316447003000308GilbertCGilbertMA:
Organizational and Leadership Aspects of Cybersecurity Governance.International Journal of Research Publication and Reviews.2024;5(12):1174–1191.ZakiHRobbinsS:
The Influence of Cybersecurity on Human Resources Legal Practices and Ethical Standards.2024;2–12.
Reference SourceAliBSchafferA:
Cybersecurity Awareness in Human Resources: Bridging Theoretical Knowledge and Practical.2024;2–14.
Reference SourceWillieMM:
The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture.Journal of Research Innovation and Technologies.2023;2(4):179–198.ShahMUFarkhundIUmairR:
A comparative assessment of human factors in cybersecurity: Implications for cyber governance.IEEE Access.2023;1–17.MdloolASMezherAA:
The effect of continuous improvement in the quality of cybersecurity by mediating customer orientation.Al-Qadisiyah Journal for Administrative and Economic Sciences QJAE.2022;24(3):60–79.AheneAROZwillingM:
The Influence of Cyber Security Implementation Strategy on Organizational Knowledge Management and Performance – A Case Study of Sinapi Aba Savings and Loans in Ghana.Digital transformation: The harmonic convergence of people, culture, process, and technology in the new normal.To Know Press;2024; pp.217–228.PetrováKSpatenkaJVaclavíkL:
Assessment of cybersecurity in organizations: An empirical study of Czech and Slovak organizations.Journal of Eastern European and Central Asian Research.2024;11(3):668–681.MiahAR:
Cybersecurity Training for Employees at the Organizational Level in Bangladesh.2024;1–6.
Reference SourceNasiriSShahramSAynazS:
Cybersecurity in Action: Unraveling the Effects of Individual, Social, and Organizational Determinants.Tehnički glasnik.2024;20.1–20.10.BurrellDNSharonLBCalvinB:
the managerial ethical and operational challenges of hospital cybersecurity.IGI Global.2023;444–458.SaeedSD:
Workplaces and Information Security Behavior of Business Employees: An Empirical Study of Saudi Arabia.Sustainability.2023;2–20.NaqviSGMughalMAShehzadK:
Organizational environment, protection motives, adoption of machine learning, and cybersecurity behavior.Journal of Excellence in Social Sciences.2024;11–25.AldabjanAStevenFXavierC:
Cybersecurity Incident Response Readiness in Organisations.Proceedings of the 10th International Conference on Information Systems Security and Privacy (ICISSP 2024).2024; pp.262–269.AliHGasminS:
Evaluating the Impact of Cybersecurity Principles on Human Resources Laws Compliance.2024;1–15.
Reference SourceWaiganjoIOsakweJAzetaA:
Impediments to Cybersecurity Policy Implementation in Organisations: Case Study of Windhoek, Namibia.International Journal of Research and Scientific Innovation (IJRSI).2024;540–546.NeriMFedericoNLuigiM:
Organizational cybersecurity readiness in the ICT sector: a quanti-qualitative assessment.Emerald Publishing Limited;2023; pp.2–16.WaiganjoIHJudeOAmbroseA:
The Four Processes of an Effective Cyber Security Policy.2024;258–270.
Reference SourceDorairajanV:
Cybersecurity and Organizational Performance-the Interplay.ARPHA Conference Abstract.2024; pp.1–4.OlusegunJAdeoyeIJohnK:
Revolutionizing Cybersecurity with Artificial Intelligence: Challenges and Opportunities.2024;1–15.
Reference SourceMujawarSGauravGShanthiK:
The Impact of Government Regulations on Cyber Security Policy Development.Computer Fraud and Security.2024;105–113.IbikunleBQHassanIKHungaV:
Government Policies and Cyber Security in Africa: The Nigerian Perspective in the Post-COVID-19.International Journal of E-Government & E-Business Research.2023;8:20–30.SidaniOTaherHHoushaimiM:
The impact of the institutional absorptive capacity on public debt in aid-recipient MENA countries.Edelweiss Applied Science and Technology.2024;8(6):8421–8430.JalladMNKaradasG:
Entrepreneurial Orientation and Performance Outcomes in Palestinian SMEs: The Role of Absorptive Capacity and Industry Type.Sustainability.2024;2–22.KimKSeoEHKimCY:
The Relationships between Environmental Dynamism, Absorptive Capacity, Organizational Ambidexterity, and Innovation Performance from the Dynamic Capabilities Perspective.Sustainability.2025;2–28.HerathHMAMahmoodR:
Strategic Orientations and SME Performance: Moderating Effect of Absorptive Capacity of the Firm.Asian Social Science.2014;10(13):95–107.SenivongseC:
Competency Profiling of Organization’s Absorptive Capacity Development.Interested in publishing with us department.2023;1–24.TanA:
The Effect of Social Capital and Absorptive Capacity through Knowledge Management on Finance Company Performance in Indonesia.2018;87–101.CarvalhoJRMWillianVTEnyedjaKMC:
Organizational Performance of a Public Higher Education Institution: An Analysis from the Perspective of Absorptive Capacity and Innovation.International Journal of Business and Management.2022;17(12):101–113.NiCAbdullahNL:
Research on absorptive capacity in the green context: a bibliometric and visualization analysis.Cogent Business & Management.2025;12(1):1–21.MinWZLingKCTanHP:
The Effects of Technological Innovation, Organizational Innovation and Absorptive Capacity on Product Innovation: A Structural Equation Modeling Approach.Asian Social Science.2016;12(1):199–222.SaragihLGintingPAbsahY:
Enhance EcoHandloom Product Performance Through Entrepreneurial Orientation and Absorptive Capacity for Sustainable Fashion Development.SDGs Review.2025;5:1–17.AliNYZ:
The effect of Organizational immune systems on crisis management strategies.A Field Study on Egyptian Universities.2024; pp.80–119.AlshawabkehaZA:
The impact of governance on strengthening organizational immunity in greater Madaba municipality: A Case Study.Management Science Letters.2021;1881–1892.AbunaserFMWajehaTAHoudaAA:
Understanding Academic Loyalty and Organizational Immunity in Higher Education Institutions: Faculty Perspective.Journal of Namibian Studies.2023;434–461.HashemT:
The Role of Marketing Knowledge Sharing in Building Organizational Immunity.Proceedings of the 24th European Conference on Knowledge Management (ECKM).2023; pp.533–540.MajeedORLaftaBS:
The effect of organizational immunity in enhancing the strategic capabilities of the company: an applied study on the Iraqi general insurance company.International Journal of Health Sciences.2022;6(S6):7016–7035.LiaoS:
The Relationship among Knowledge Management, Organizational Learning, and Organizational Performance.International Journal of Business and Management.2009;64–76.IssahOMakafuiRAObiriYH:
Reverse Logistics Practices and Organizational Performance. The Moderating Role of Organizational Learning Capabilities.International Journal of Supply Chain and Logistic.2024;8(4):60–84.BallenasGJTidongYPGranaderosRD:
Research Culture and Organizational Learning on Professional Development of Secondary Teachers.American Journal of Educational Research.2023;11(9):580–593.ToulabiZMehdiDHamidRAT:
A Survey of the Relationship between Organizational Memory and Organizational Learning in Public Organizations of Kerman.International Business Review.2013;6(1):90–96.HamadASAminSEM:
The role of ethical leadership behaviors in enhancing organizational immunity: An analytical study of the opinions of a sample of managers of government banks in the city of Erbil.Tikrit Journal of Administrative and Economic Sciences.2023;19(64):233–255.HadgerDAminaM:
The use of organizational DNA in discriminating innovative organizations (case study of private Algerian enterprises).Journal of Contemporary Business and Economic Studies.2023;6(2):246–260.NafeiW:
The Role of Organizational DNA in Improving Organizational Performance: A Study on the Industrial Companies in Egypt.International Business Review.2015;8(1):117–131.NawahdaNSMAl-SarayrahAAM:
Effectiveness of Organizational DNA in achieving pioneering performance through the Quality of Work life in Jordanian Commercial Banks.Journal of Positive School Psychology.2022;6(3):9784–9798.KankwendeP:
Cybersecurity in the modern age: Protecting digital assets.International Journal of Scientific Engineering and Research.2024;1–14.AlrubayeLRKQammachNIJ:
Questionnaire and Data for Organizational cybersecurity and its impact on organizational immunity. An analytical study at the Ministry of Education Iraq.General Directorate of Educational Planning.[Data set].
Zenodo.2025.
10.5281/zenodo.1792439710.5256/f1000research.193084.r463309Reviewer response for version 1IyerShankar Subramanian1Refereehttps://orcid.org/0000-0003-0598-9543
Westford University College, Sharjah, Sharjah, United Arab Emirates
Competing interests: No competing interests were disclosed.
The manuscript titled “Organizational cybersecurity and its impact on organizational immunity – An analytical study at the Ministry of Education Iraq / General Directorate of Educational Planning” investigates the relationship between organizational cybersecurity practices and the concept of organizational immunity within a governmental institution. The study employs a descriptive analytical approach using questionnaire data collected from 85 respondents and analyzes the data using SPSS and SmartPLS statistical tools. The results indicate a strong positive relationship between organizational cybersecurity and organizational immunity, suggesting that cybersecurity practices contribute to strengthening the organization’s resilience against cyber threats and operational disruptions.
The research addresses an important contemporary issue related to cybersecurity governance in public sector institutions.
While these results indicate a strong association between the variables, several issues reduce the clarity and rigor of the statistical interpretation:
Some regression results are presented inconsistently, particularly regarding the impact of the absorptive capacity dimension, which is described as both significant and non-significant in different parts of the analysis.
The statistical discussion focuses primarily on numerical outputs without deeper interpretation of their managerial or theoretical implications.
The model lacks advanced structural validation indicators such as HTMT ratios, discriminant validity matrices, or goodness-of-fit indicators, which are commonly expected in PLS-SEM studies.
Providing a clearer explanation of the statistical procedures and improving consistency in reporting would strengthen the analysis.
However, the manuscript itself does not include:
A detailed description of the dataset structure
Coding schemes for questionnaire responses
Additional supplementary statistical outputs
Providing more detailed supplementary materials (such as raw data tables, measurement items, and model output files) would enhance reproducibility.
However, the conclusions are somewhat descriptive and do not sufficiently engage with broader theoretical implications or policy contexts. The discussion would benefit from:
Linking findings to broader cybersecurity governance frameworks
Comparing results with findings from other public sector studies
Addressing limitations related to sample size, geographic scope, and organizational context
Without these considerations, the conclusions appear somewhat generalized relative to the empirical evidence presented.
Areas for Improvement
Strengthen the theoretical framework
Integrate established theories such as cyber resilience theory, dynamic capabilities, or institutional theory.
Improve statistical reporting
Provide full structural model outputs including discriminant validity, model fit indices, and mediation tests if applicable.
Clarify inconsistent findings
The results regarding absorptive capacity appear contradictory and require clarification.
Enhance discussion and implications
Provide deeper interpretation of how cybersecurity practices influence organizational resilience mechanisms.
Expand limitations section
Address limitations related to sample scope, single-organization context, and potential response bias.
Improve language and editorial quality
Several grammatical and formatting issues should be corrected for clarity and readability.
Overall Recommendation
The manuscript addresses a relevant research topic and presents meaningful empirical findings; however, moderate revisions are required to strengthen the statistical reporting, theoretical contribution, and clarity of interpretation.
With improvements to the analytical explanation, literature integration, and discussion of implications, the study has the potential to make a useful contribution to the literature on organizational cybersecurity and resilience in public sector institutions.
Is the work clearly and accurately presented and does it cite the current literature?
Yes
If applicable, is the statistical analysis and its interpretation appropriate?
Partly
Are all the source data underlying the results available to ensure full reproducibility?
Partly
Is the study design appropriate and is the work technically sound?
Yes
Are the conclusions drawn adequately supported by the results?
Partly
Are sufficient details of methods and analysis provided to allow replication by others?
Yes
Reviewer Expertise:
Business Management Emerging Technologies Sustainability
I confirm that I have read this submission and believe that I have an appropriate level of expertise to confirm that it is of an acceptable scientific standard, however I have significant reservations, as outlined above.