Date of Conferral



Doctor of Information Technology (D.I.T.)


Information Systems and Technology


Don A. Carpenter


Some financial institutions in Nigeria have not deployed strategies that mitigate cyber exploitation risks in the financial services industry. Financial institution leaders are concerned because cyber exploitation contributed to the reduction in the adult banking population to a low 38%. Grounded in the integrated systems theory of information security management, the purpose of this multiple case study was to explore strategies some financial institution leaders in Nigeria use to prevent cyber exploitations. The participants included 6 chief information security officers of 6 financial institutions. Data were collected from semistructured interviews and company and public documents. A thematic analysis identified themes to include the need to align information security plans of actions with corporate strategies, ensuring there are information security policies, processes, and procedures to guide disciplined efforts for information risk mitigation. A comprehensive risk management process can be used to determine information security strategies to ensure all risk areas are covered. This study may contribute to positive social change when a much more significant percentage of the Nigerian public use financial services because institutions adopt strategies to protect confidentiality, integrity, and availability of information.