For Ehebha Griffith Onus, risk management is not a bureaucratic box-ticking exercise, it is a strategic engine for business growth, innovation, and sustainability. With more than two decades shaping Africa’s financial infrastructure, the respected cybersecurity and risk expert has held leadership roles at some of the continent’s most influential financial institutions, including Diamond Bank Plc and Interswitch Holdings.
His pioneering work in cybersecurity, operational risk, and ESG has earned him recognition across regulatory, corporate, and technology circles.
We sat down with Griffith to explore the mindset, milestones, and mission behind his journey and his ambitious vision for building Africa’s next generation of risk leaders.
Q: Cybersecurity threats have become increasingly sophisticated. What’s your perspective on Africa’s current readiness?
Griffith: The readiness is uneven, and that is what concerns me. Some institutions have made impressive strides, deploying modern cybersecurity frameworks, investing in threat intelligence, and prioritizing governance. But across the board, we still suffer from underinvestment, a shortage of skilled professionals, and frankly, a mindset gap. Many organizations still see cybersecurity as a technical issue, rather than a strategic imperative.
You can’t outsource awareness. Even the best firewalls can’t protect an organization where staff click on phishing links or where leaders don’t budget for cybersecurity. Readiness isn’t just about tools, it’s about culture. Until boards and CEOs treat cyber risk the same way they treat credit or operational risk, we’ll remain vulnerable.
Q: How do you see the role of public-private collaboration in strengthening cybersecurity and risk governance?
Griffith: It’s essential, especially in Africa. The threats we face are borderless, and no single entity, whether it’s a bank, telco, or government agency can go it alone. We need collaborative intelligence-sharing models, joint crisis simulation exercises, and harmonized regulatory expectations.
For instance, imagine a telco detecting an attack vector targeting mobile wallets. That insight should be shared across the sector instantly, not after the damage is done. I’ve advocated for platforms where private institutions can engage regulators in real-time conversations about emerging risks and innovations. When there’s trust and structure in those engagements, we all get better.
Q: You’ve worked at the intersection of risk, strategy, and innovation. How do you balance innovation with risk control, especially in fast-growth tech environments?
Griffith: The first thing to understand is that risk and innovation are not opposites. In fact, they should be allies. Without risk foresight, innovation can become reckless. Without innovation, risk management becomes obsolete. The sweet spot is when risk teams enable bold ideas safely by anticipating what could go wrong and designing safeguards before launch.
At Interswitch, for example, we rolled out digital products across multiple African markets. Each market had its own regulatory landscape, its own vulnerabilities. Rather than block expansion, my job was to guide it, to ensure we were proactive with compliance, data protection, and business continuity. When you do that, innovation doesn’t slow down. It scales sustainably.
Q: You have mentioned “local context” a few times. Why is localising risk frameworks so important for Africa?
Griffith: Because we are not a copy-paste continent. Our infrastructure, customer behavior, and regulatory maturity vary widely, even within the same region. If you apply Western frameworks wholesale, you end up with controls that don’t reflect ground realities or worse, frameworks that stifle innovation.
For example, a fraud detection model built for Europe might rely on real-time credit checks or advanced identity databases. That might not exist in parts of Africa. So, we need adaptive models, ones that factor in mobile money dynamics, informal market transactions, and multilingual digital literacy.
Risk management is not effective unless it is relevant. That is why local expertise is non-negotiable.
Q: What advice would you give to young professionals who want to build a career in risk management in Africa?
Griffith: First, develop a mindset of continuous learning. The risk landscape evolves daily new threats, new technologies, new regulations. You must be curious enough to stay ahead. Second, seek cross-disciplinary knowledge. Risk isn’t just about compliance, it touches on law, technology, ethics, finance, and psychology. The more rounded your understanding, the better decisions you will make.
Finally, anchor yourself in purpose. Risk is not glamorous, and many times you will be the voice saying “pause” in a room full of people saying “go.” But that role matters. You are not just managing risk, you are safeguarding futures.
Q: In your opinion, what will the next 10 years of risk management in Africa look like?
Griffith: I see three shifts. First, digitally native risk governance where artificial intelligence, blockchain, and real-time data streams will become integral to managing threats. Second, ESG-driven accountability where investors, regulators, and customers will expect businesses to show not just profit, but purpose. And third, homegrown expertise where African professionals will lead global conversations on risk, because they have built models that work in complexity.
If we do this right, Africa won’t just catch up, we will lead in certain areas. But that starts today, with how we train, how we invest, and how seriously we take risk, not as a department, but as a leadership function.
Griffith embodies a new generation of African leadership, one that doesn’t see risk as a constraint but as a compass for innovation and accountability. His career is a testament to how strategic thinking, ethical leadership, and technical mastery can come together to redefine the role of risk in shaping Africa’s digital and financial future. As he looks toward building a continent-wide risk academy, one thing is clear: Griffith is not just managing risk, he is reimagining its purpose.
