Who are BISOs and what do they bring to the cybersecurity table?
The role of a Business Information Security Officer (BISO) is gaining traction in security communities and board conversations. But why do organisations need BISOs? What are the main business drivers? What is their relationship with security leaders and what traits are ideally suited for the role?
The Main Drivers for a BISO
Collaboration between the business and information technology has been around since IT's inception, when IT started as a transactional, order-taking department. Over time a partnership emerged with the business because technology soon assumed a central role across every process. Along similar lines, cybersecurity too has come of age, with the understanding that security requires better alignment with the business.
In large organisations, the chief information security officer (CISO) is expected to apply risk management to, and maintain oversight of, every department, something nearly impossible to achieve, especially in a distributed environment. If CISOs become too involved in daily security and compliance operations, they run the risk of spreading themselves too thin.
Additionally, there’s always been a disconnect between business leaders and security leaders driven by a perception that cybersecurity is a necessary expense that does little to further the business. Security leaders may have previously seen themselves as the most urgent voice in the room, leaving little room for collaboration on security matters — a problem exacerbated by technical jargon and complexity.