Cynomi's State of the Virtual CISO Report 2024 reveals service provider opportunities

Offering vCISO service provided substantial financial gains for service providers, with the majority increasing revenue according to the report.

  • Thursday, 5th September 2024 Posted 2 months ago in by Phil Alsop

Cynomi has published the results of its 2024 State of the Virtual CISO report, highlighting a growing market opportunity between what service providers are offering and what their small-to-medium business (SMB) customers want. At a time when 75% of service providers report high demand from their customers for vCISO functionality, the report reveals that only 21% are actively offering them—opening a window onto a growth-area for service providers, while emphasizing the growing centrality of vCISO services to today's cybersecurity operations.

This increased demand for vCISO services on the part of SMB customers can be attributed to a number of factors. Compliance frameworks and regulations are proliferating; cyberattacks continue to escalate in number and intensity; and the global supply chain is increasingly tangled. Meanwhile, the cybersecurity skill gap keeps growing, and those few SMBs that can afford dedicated CISOs often struggle to find them. Cornerstones of contemporary cybersecurity like compliance assessments and security remediation are increasingly difficult for SMBs to navigate on their own. In this context, the expertise and guidance offered by vCISOs have grown substantially in importance, according to Cynomi's report.

vCISO services unlock a range of opportunities for MSPs, including ease of upselling and enhanced differentiation. Accordingly, the financial gains reported by service providers offering vCISO functionality were significant: 37% increased their margins as a result of offering vCISO services and 34% increased their revenue, with the majority of them reporting an increase of 20% or higher. The benefits extend to the end-customer as well: 46% of respondents said their customer security was improved, while 44% noticed a marked upswing in customer engagement.

Beyond upselling, the report suggests that these financial gains can be attributed to reduced headcount: through the use of a vCISO platform, many service providers are optimizing and automating key strategic operations, such as accessing and managing security and compliance frameworks. Many service providers are already carrying out similar operations without using a vCISO platform, suggesting significant cost and time-saving benefits to adoption.

"This report testifies to a desperate need on the part of SMBs and SMEs for vCISO services," said David Primor, Ph.D., co-founder and CEO of Cynomi. "These businesses are sinking under the weight of countless new regulations and are more eager than ever for the kind of guidance only vCISOs can provide. Service providers who are already offering these services have seen operational costs shrink and revenue soar—and so it's no surprise that so many more intend to offer vCISO services in the months and years ahead."

Cybersecurity compliance is a notable pain point for service providers, with 93% of respondents feeling overwhelmed by regulatory compliance frameworks as PCI-DSS or GDPR and 74% feeling overwhelmed by cybersecurity frameworks like NIST and ISO.

"Service providers today are operating in an ultra-competitive market in which the need to differentiate is a must," added David Primor. "The results of this report underline just how essential vCISO services are to this differentiation. The gap between the number of SMBs who want vCISO services and the number of service providers who offer them is alarmingly wide, but this gap presents a significant opportunity for enterprising MSPs and MSSPs. Closing that gap is one of the chief tasks facing service providers today."

According to the report, those resistant to vCISO services cite issues such as technology or knowledge gaps in cybersecurity or compliance, as well as a lack of skilled personnel or a high initial investment. Increasingly, though, service providers are aware that vCISO platforms actually solve all of these issues. Accordingly, the vast majority of service providers—98%—intend to offer vCISO services to their clients in the future, and 39% plan to offer them by the end of this year.

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 5 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 5 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 5 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 5 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 5 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.