Cynomi, a provider of virtual Chief Information Security Officer (vCISO) platforms for managed service providers (MSPs) and managed security service providers (MSSPs), has released its 2024 State of the Virtual CISO report.
The findings highlight a significant gap between the services offered by providers and the increasing demands of small-to-medium businesses (SMBs). While 75% of service providers report strong demand for vCISO functionality from their clients, only 21% currently offer it, revealing a growth opportunity for service providers and underscoring the rising importance of vCISO services in modern cybersecurity practices.
The growing demand for vCISO services from SMBs is driven by several factors: the expansion of compliance frameworks and regulations, an increase in both the frequency and severity of cyberattacks, and an increasingly complex global supply chain. Meanwhile, the cybersecurity skills gap continues to widen, leaving SMBs that can afford full-time CISOs struggling to recruit them. Key aspects of cybersecurity, such as compliance assessments and security remediation, are becoming more challenging for SMBs to manage independently. In this context, the expertise provided by vCISOs has become crucial, according to Cynomi’s report.
vCISO services offer various advantages for MSPs, such as easier upselling and a stronger market differentiation. The financial impact of offering vCISO functionality has been notable: 37% of service providers reported an increase in profit margins, while 34% saw a revenue boost, with most of those providers noting increases of 20% or more. Customers also benefit, with 46% of respondents reporting improved security and 44% observing increased client engagement.
In addition to upselling, the report highlights that these financial benefits are often linked to reduced headcount. Many service providers using vCISO platforms optimise and automate key strategic operations, such as managing security and compliance frameworks. Many providers already perform similar tasks without a vCISO platform, which suggests significant cost and time savings could be realised through its adoption.
“This report testifies to a desperate need on the part of SMBs and SMEs for vCISO services,” said David Primor, Ph.D., Co-Founder and CEO of Cynomi. “These businesses are sinking under the weight of countless new regulations and are more eager than ever for the kind of guidance only vCISOs can provide. Service providers who are already offering these services have seen operational costs shrink and revenue soar—and so it’s no surprise that so many more intend to offer vCISO services in the months and years ahead.”
Cybersecurity compliance has emerged as a major challenge for service providers, with 93% of respondents feeling overwhelmed by regulatory frameworks like PCI-DSS or GDPR, and 74% feeling similarly about cybersecurity standards such as NIST and ISO.
“Service providers today are operating in an ultra-competitive market in which the need to differentiate is a must,” added Primor. “The results of this report underline just how essential vCISO services are to this differentiation. The gap between the number of SMBs who want vCISO services and the number of service providers who offer them is alarmingly wide, but this gap presents a significant opportunity for enterprising MSPs and MSSPs. Closing that gap is one of the chief tasks facing service providers today.”
The report also notes that some providers have been hesitant to adopt vCISO services, citing concerns about technology, knowledge gaps in cybersecurity or compliance, a lack of skilled personnel, or the high initial investment. However, many providers are increasingly aware that vCISO platforms can address these issues. As a result, 98% of service providers now plan to offer vCISO services in the future, with 39% aiming to do so by the end of this year.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.