Sixty-five percent of banks in sub-Saharan Africa view cyber risks as a major hurdle to digitalization, according to the European Investment Bank. In response, several financial institutions across the region are bolstering their digital defenses. Ghislaine Samaké, Managing Director of Ecobank Guinea-Bissau, offered insight into her group’s cybersecurity strategy during the 2025 Cyber Africa Forum in Cotonou. She stressed the need for coordinated efforts among the BCEAO, national governments, and private sector players to build regional resilience against growing digital threats.

Ecofin Agency: With digital stability becoming a regional priority for West Africa's banking sector, do you believe the current infrastructure is equipped to handle growing cyber threats, and how would you assess its resilience?

Ghislaine Samaké: It would be an overstatement to say that all infrastructures are fully equipped to handle the threats, but progress is undeniable. Several banks, especially regional groups like Ecobank, have invested heavily in securing their core banking systems, data redundancy, and data center certification. However, resilience isn't solely dependent on technical equipment. It also hinges on regional coordination and the ability to respond quickly in the event of an incident.

And on that front, there's still plenty of room for improvement. Things like collaborative penetration testing, sub-regional alert centers, and joint audits should become more systematic.

EA: Given the accelerating digitalization of financial services, including at Ecobank, what categories of cyber risks are now at play, and what approaches has your institution adopted to mitigate them?

GS: Digitalization significantly increases potential entry points for attacks, covering mobile, APIs, cloud services, and agent networks. Each channel exposes our ecosystem to specific threats, ranging from phishing and transactional fraud to DDoS attacks and API injections.

At Ecobank, our strategy follows a multilayered approach. This includes end-to-end encryption, real-time behavioral monitoring, two-factor authentication, robust internal privilege management, and regular stress tests. Essentially, cybersecurity isn't just an add-on; it's fully embedded in our core digital strategy.

EA: Since human error often remains a weak link in cybersecurity, what training, awareness programs, or tools do you offer clients to help secure their online banking activities?

GS: We are fully aware that the human factor remains the main vulnerability. That's why we have developed multiple levels of awareness initiatives. For our employees, we conduct regular training sessions on best practices, phishing, and social engineering, which include internal simulation tests. As for clients, our prevention strategy involves alert campaigns, in-app warning messages, and educational micro-content shared across social media and in our local branches. The ultimate goal is to democratize cyber awareness, making it accessible even for first-time users.

EA: How is Ecobank integrating AI or biometric innovations into its cybersecurity systems?

GS: Ecobank is actively exploring innovations in artificial intelligence (AI) and biometrics to bolster its cybersecurity. Across several of our group entities, AI is already at work, improving transaction anomaly detection and refining risk scoring. Biometrics are also integrated into our authentication processes, particularly through mobile apps, utilizing fingerprint and facial recognition, along with one-time passwords (OTPs). This approach allows us to strengthen access security without complicating the user experience. Our ongoing challenge is to ensure top-tier safety while maintaining inclusivity for all users.

EA: What role do you see the BCEAO and West African governments playing in supporting banks against cyber risks?

GS: The BCEAO has played a structuring role by establishing an initial, coherent framework for financial innovation and cybersecurity. This includes licensing fintechs, regulating digital services, and promoting stronger IT supervision, all of which deserve recognition.

The next challenge is to deepen sub-regional harmonization through shared incident response protocols, interconnected alert platforms, and joint best-practice guidelines between banks and regulators. On the government side, strengthening cyber legislation, improving judicial coordination, and implementing cyber training programs for critical operators are essential.

Ultimately, cybersecurity is as much a public policy issue as a banking concern. It's a collective undertaking, engaging financial institutions, regulators, and public authorities alike.