Most scholarly work has focused on the positive effects of digitalisation in Sub-Saharan Africa without accounting for the associated risks and mitigation measures at the firm level. Using the 2016 Enterprise ICT Survey of Kenya which provides a rich source of information on the use of ICT among firms, we examine the effect of cybersecurity breach on labour productivity and show how this effect is moderated by cyber risk mitigation capabilities at the firm level. We find that cybersecurity breach reduces labour productivity at the firm level. We also find that upskilling mitigates the negative effect of cybersecurity breach on labour productivity especially for Small and Medium-sized Enterprises. The results further suggest that while Information Technology Policy and Information Technology Security capabilities can enable firms to improve labour productivity, these measures are not sufficient to offset the adverse effect of cybersecurity breach on labour productivity. Together the results imply that upskilling is an effective cyber risk mitigation measure against cybersecurity breaches at the firm level and therefore should be an integral part of the overarching IT governance strategy of firms.

大多数学术工作都集中在撒哈拉以南非洲地区数字化的积极影响，而没有考虑公司层面的相关风险和缓解措施。 2016 年肯尼亚企业 ICT 调查提供了有关企业 ICT 使用情况的丰富信息来源，我们研究了网络安全漏洞对劳动生产率的影响，并展示了企业层面的网络风险缓解能力如何调节这种影响。我们发现网络安全漏洞降低了企业层面的劳动生产率。我们还发现，技能提升可以减轻网络安全漏洞对劳动生产率的负面影响，尤其是对中小企业而言。结果进一步表明，虽然信息技术政策和信息技术安全能力可以使企业提高劳动生产率，但这些措施不足以抵消网络安全漏洞对劳动生产率的不利影响。总之，结果表明，技能提升是针对公司层面网络安全漏洞的有效网络风险缓解措施，因此应该成为公司总体 IT 治理战略的一个组成部分。