The purpose of this study is to examine how behavioural (employee knowledge, attitudes and secure practices) and structural (technical safeguards and external IS integration) cybersecurity factors affect the quality of accounting information systems (QAIS) and, in turn, accounting information quality (QAI) in small and medium-sized enterprises.
A cross-sectional survey of Portuguese certified accountants and financial managers (n = 60) was analysed using Partial Least Squares Structural Equation Modelling (PLS-SEM) to test a mediated model linking cybersecurity practices to QAIS and QAI.
Behavioural cybersecurity dimensions significantly enhance QAIS, whereas structural controls show no direct effect, reflecting SMEs’ resource constraints. QAIS strongly predicts QAI, confirming its mediating role between cybersecurity practices and financial data quality.
The small, single-country sample and self-reported measures limit generalisability and raise potential common method bias; future studies should adopt longitudinal or multi-method designs and explore emerging technologies (e.g. AI and blockchain) in SMEs.
Low-cost, behaviour-focused interventions (training, awareness and reinforcement of secure routines) can meaningfully improve QAIS and QAI when sophisticated cybersecurity infrastructure is unattainable; policy support (subsidies, shared services) can mitigate structural gaps.
Strengthening SME cybersecurity behaviour and system quality enhances the reliability of financial reporting, supporting stakeholder trust, compliance and sustainable economic resilience.
This study extends behavioural cybersecurity models (e.g. HAIS-Q) into an accounting context and empirically validates QAIS as a strategic mediator connecting cybersecurity behaviours with financial reporting integrity in resource-constrained SMEs, a setting underrepresented in prior research.
