From CISO to BISO: an unavoidable evolution?

The cyber maturity of the entire sector has steadily improved, as have the capabilities and skills of the hackers we face.

For François Luquet (BforBank), CISO is no longer seen solely as a tech role.

"When deploying a major digital transformation program, CISO usually takes center stage in managing cybersecurity risks. While CISOs have hitherto focused more on technical and functional issues, the role of CISOs is now evolving to become an active stakeholder in achieving the strategic business objectives."

For Gaelle Donnette (CA PFM), this natural integration with the business lines is obvious.

“It is in the minds of our businesses that tomorrow’s services are conceived: being as close as possible to the businesses allows security to be integrated into the thinking as soon as possible, thus promoting the consideration of security “by design” by allowing us to contribute to the strategic orientations. At CA-PFM, being as upstream as possible of all projects, innovations, and even acquisition operations, is a permanent concern of the CISO. And that’s what makes our job exciting!”

For Wilfried Lauber (Amundi), we must now anticipate the next moment, when the hackers will have won a battle, but not the war!

“At Amundi, the CISO is now at the heart of cyber resilience with the business continuity teams: accepting that the protections and controls put in place will no longer be sufficient and that the continuity plans will no longer be adapted. We need to be prepared to fight against a hacker who will be a step ahead of us, who will have taken control of our systems and who will no longer perform all or part of their services.

The issue is not just IT, it is a business. The definition of a resilience plan following a massive cyber attack allows us to evolve the role of the CISO by bringing it even closer to the business and allows us to bring even more value to the company."

Discover their cross-interview: