Published July 5, 2023, by Reginald Persimmons
In today’s enterprise environments, cybersecurity is still largely defined by technical tools—firewalls, intrusion detection, and layered encryption. These are essential. But they are also insufficient. As Diana Ussher-Eke’s leadership across IBM, Samsung, and now Continental Reinsurance demonstrates, cybersecurity must also be a cultural and ethical commitment—rooted in human behavior, organizational processes, and leadership accountability.
Across a two-decade career spanning some of Africa’s most complex markets, Ussher-Eke has embedded cybersecurity not only into HR strategy, but into the everyday habits of leadership teams, line managers, and frontline employees. Her approach reframes a persistent blind spot: that many breaches occur not through perimeter intrusion but through internal lapses—most often, unrevoked access, unclear accountability, or under-informed personnel.
During her time at IBM, Ussher-Eke served as Country Process Owner for a critical Workforce Processes and Programs across 20 countries in Central, East, and West Africa. The risks at play were not theoretical. With IBM’s infrastructure embedded in both government and private sector operations across the region, the threat posed by dormant access rights was real and urgent.
She implemented a compliance framework requiring badge and system access to be revoked within 24 hours of separation—covering everything from VPN to mobile connectivity. These processes were tested monthly, with defect tracking and remediation built in. The outcome: a 90%+ compliance rate in access termination and a substantial reduction in insider risk across the region.
But the technical measure alone wasn’t the full story. As part of IBM’s Integrated Services Team, Ussher-Eke helped design HR processes that embedded data privacy and access governance from the start. Permissions were aligned with roles and automatically adjusted as projects concluded. Access wasn’t granted indefinitely—it was tied to purpose. The result was a process-driven approach to cybersecurity grounded in behavioral clarity and systemic control.
When Ussher-Eke joined Samsung as Head of HR for West Africa, the context shifted. While IBM had mature systems and high digital governance awareness, Samsung operated in a more hierarchical, culture where compliance tended to be top-down and procedural.
Here, Ussher-Eke advanced a more values-based strategy. She partnered with internal audit and IT to embed cybersecurity training not as a checklist item, but as a marker of professionalism. Everyone—employees, vendors, and contractors—received role-specific training. More importantly, they were encouraged to ask questions, report anomalies, and treat cybersecurity as a matter of ethics, not just rules.
This created the foundation for what she describes as “psychological safety in security”—where employees felt empowered to report mistakes or risks without fear. This shift, often undervalued in emerging markets, strengthened resilience in a measurable way. It also expanded the accountability base for cybersecurity, moving it out of the IT function and into the business as a whole.
Now serving as Group Head of HR at Continental Reinsurance, Ussher-Eke is applying this people-first cybersecurity model to Africa’s largest private reinsurer. With operations in more than 50 markets and a growing digital footprint—from regulatory reporting to cloud-based underwriting and claims administration—the firm faces significant exposure.
Her response has been structural. Cybersecurity is now integrated into onboarding, performance management, and internal learning systems. Each new employee receives cybersecurity orientation tied to their functional risks. Cyber hygiene expectations are formalized in performance KPIs. And technical training is supplemented with scenario-based ethical discussions—bridging compliance with cultural understanding.
One of her signature initiatives, the Continental Re Academy, has trained over 4,700 insurance professionals across Africa. It blends technical upskilling with cyber risk awareness and governance ethics—preparing a generation of professionals to lead in a digital, high-compliance environment.
Notably, Ussher-Eke has also focused on insider risk, a critical issue in financial services. Through clearer digital behavior policies, safe reporting channels, and targeted leadership engagement, she has created mechanisms to prevent the kind of low-visibility breaches that can result in reputational and regulatory damage.
What distinguishes Ussher-Eke’s approach is not its boldness, but its quiet systemic discipline. She has repositioned human resources as a strategic partner in cyber defense by embedding cybersecurity into the architecture of organizational operations. Her model rests on three foundational levers: process integrity, by aligning access rights, permissions, and workforce protocols with job roles and project timelines rather than just employment status; cultural accountability, by framing cybersecurity as a shared organizational value rooted in leadership behavior, ethical clarity, and team norms rather than technical compliance alone; and workforce design, by integrating cybersecurity awareness and responsibility directly into job design, onboarding, and continuous learning—particularly in high-risk sectors like insurance and financial services. Together, these levers transform HR from a policy center into an active agent of enterprise resilience
Ussher-Eke’s leadership reframes cybersecurity not as an IT objective but as a foundational attribute of modern enterprise. Culture, in her view, is infrastructure. When designed thoughtfully—through governance, clarity, and trust—it becomes more resilient than any firewall or software patch.
As more organizations face rising regulatory complexity, cloud dependency, and insider risk, the need for her approach is growing. Her work is a reminder that the strongest defenses are built long before a breach—and often, far from the server room.
Her legacy across IBM, Samsung, and Continental Re is clear: cybersecurity begins and ends with people. And the organizations that recognize this early will be best positioned to lead in a volatile digital future.