Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya

Tetteh, Godsway Korku and Otioma, Chuks (2024) Cyberattack, cyber risk mitigation capabilities, and firm productivity in Kenya. Small Business Economics. ISSN 0921-898X (https://doi.org/10.1007/s11187-024-00946-8)

[thumbnail of Tetteh-Otioma-SBE-2024-Cyberattack-cyber-risk-mitigation-capabilities-and-firm-productivity]
Preview
Text. Filename: Tetteh-Otioma-SBE-2024-Cyberattack-cyber-risk-mitigation-capabilities-and-firm-productivity.pdf
Final Published Version
License: Creative Commons Attribution 4.0 logo

Download (783kB)| Preview

Abstract

Most scholarly work has focused on the positive effects of digitalisation in Sub-Saharan Africa without accounting for the associated risks and mitigation measures at the firm level. Using the 2016 Enterprise ICT Survey of Kenya which provides a rich source of information on the use of ICT among firms, we examine the effect of cybersecurity breach on labour productivity and show how this effect is moderated by cyber risk mitigation capabilities at the firm level. We find that cybersecurity breach reduces labour productivity at the firm level. We also find that upskilling mitigates the negative effect of cybersecurity breach on labour productivity especially for Small and Medium-sized Enterprises. The results further suggest that while Information Technology Policy and Information Technology Security capabilities can enable firms to improve labour productivity, these measures are not sufficient to offset the adverse effect of cybersecurity breach on labour productivity. Together the results imply that upskilling is an effective cyber risk mitigation measure against cybersecurity breaches at the firm level and therefore should be an integral part of the overarching IT governance strategy of firms.

ORCID iDs

Tetteh, Godsway Korku ORCID logoORCID: https://orcid.org/0000-0003-0900-4633 and Otioma, Chuks;