Date of Conferral



Doctor of Business Administration (D.B.A.)


Business Administration


Dr. Ronald C. Jones


Leaders of financial institutions face challenges in protecting data because of the increased use of computer networks in the commerce and governance aspects of their businesses. The purpose of this single case study was to explore the strategies that leaders of a small financial institution used to protect information systems from cyber threats. The actor-network theory was the conceptual framework for this study. Data were collected through face-to-face, semistructured interviews with 5 leaders of a small financial institution in Qatar and a review of company documents relevant to information security, cybersecurity, and risk management. Using thematic analysis and Yin'€™s 5-€step data analysis process, the 4 emergent key theme strategies were information security management, cybersecurity policy, risk management, and organizational strategy. The findings of this study indicate that leaders of financial institutions protect their information systems from cyber threats by effectively managing information security practices; developing robust cybersecurity policies; identifying, assessing, and mitigating cybersecurity risks; and implementing a holistic organizational strategy. The protection of information systems through reductions in cyber threats can improve organizational business practices. Leaders of financial institutions might use the findings of this study to affect positive social change by decreasing data breaches, safeguarding consumers' confidential information, and reducing the risks and costs of consumer identity theft.