vCISO services thrive, but challenges persist
While 75% of service providers report high customer demand for vCISO functionality, a new Cynomi report reveals that only 21% are actively offering it—opening a window onto a growth area for service providers while emphasizing the growing centrality of vCISO services to cybersecurity operations.
This increased demand for vCISO services among SMB customers can be attributed to several factors. Compliance frameworks and regulations are proliferating, cyberattacks continue to escalate in number and intensity, and the global supply chain is increasingly tangled.
Meanwhile, the cybersecurity skill gap keeps growing, and those few SMBs that can afford dedicated CISOs often struggle to find them. Cornerstones of contemporary cybersecurity, like compliance assessments and security remediation, are increasingly difficult for SMBs to navigate independently. In this context, the expertise and guidance offered by vCISOs have grown substantially in importance, according to the report.
vCISO services unlock many opportunities for MSPs, including ease of upselling and enhanced differentiation. Accordingly, the financial gains reported by service providers offering vCISO functionality were significant: 37% increased their margins due to offering vCISO services, and 34% increased their revenue, with the majority reporting an increase of 20% or higher. The benefits extend to the end customer as well: 46% of respondents said their customer security was improved, while 44% noticed a marked upswing in customer engagement.
Beyond upselling, the report suggests that these financial gains can be attributed to reduced headcount. Through a vCISO platform, many service providers optimize and automate strategic operations, such as accessing and managing security and compliance frameworks. Many service providers already carry out similar operations without using a vCISO platform, suggesting significant cost and time-saving benefits to adoption.
“This report testifies to a desperate need on the part of SMBs and SMEs for vCISO services,” said David Primor, Ph.D., CEO of Cynomi. “These businesses are sinking under the weight of countless new regulations and are more eager than ever for the kind of guidance only vCISOs can provide. Service providers who are already offering these services have seen operational costs shrink and revenue soar—and so it’s no surprise that so many more intend to offer vCISO services in the months and years ahead.”
Cybersecurity compliance is a notable pain point for service providers, with 93% of respondents feeling overwhelmed by regulatory compliance frameworks such as PCI-DSS or GDPR and 74% feeling overwhelmed by cybersecurity frameworks like NIST and ISO.
According to the report, those resistant to vCISO services cite issues such as technology or knowledge gaps in cybersecurity or compliance, as well as a lack of skilled personnel or a high initial investment. Increasingly, though, service providers are aware that vCISO platforms actually solve all of these issues. Accordingly, the vast majority of service providers—98%—intend to offer vCISO services to their clients in the future, and 39% plan to offer them by the end of this year.