Cynomi's State of the Virtual CISO Report 2024 reveals service provider opportunities

Offering vCISO service provided substantial financial gains for service providers, with the majority increasing revenue according to the report.

  • 2 months ago Posted in

Cynomi has published the results of its 2024 State of the Virtual CISO report, highlighting a growing market opportunity between what service providers are offering and what their small-to-medium business (SMB) customers want. At a time when 75% of service providers report high demand from their customers for vCISO functionality, the report reveals that only 21% are actively offering them—opening a window onto a growth-area for service providers, while emphasizing the growing centrality of vCISO services to today's cybersecurity operations.

This increased demand for vCISO services on the part of SMB customers can be attributed to a number of factors. Compliance frameworks and regulations are proliferating; cyberattacks continue to escalate in number and intensity; and the global supply chain is increasingly tangled. Meanwhile, the cybersecurity skill gap keeps growing, and those few SMBs that can afford dedicated CISOs often struggle to find them. Cornerstones of contemporary cybersecurity like compliance assessments and security remediation are increasingly difficult for SMBs to navigate on their own. In this context, the expertise and guidance offered by vCISOs have grown substantially in importance, according to Cynomi's report.

vCISO services unlock a range of opportunities for MSPs, including ease of upselling and enhanced differentiation. Accordingly, the financial gains reported by service providers offering vCISO functionality were significant: 37% increased their margins as a result of offering vCISO services and 34% increased their revenue, with the majority of them reporting an increase of 20% or higher. The benefits extend to the end-customer as well: 46% of respondents said their customer security was improved, while 44% noticed a marked upswing in customer engagement.

Beyond upselling, the report suggests that these financial gains can be attributed to reduced headcount: through the use of a vCISO platform, many service providers are optimizing and automating key strategic operations, such as accessing and managing security and compliance frameworks. Many service providers are already carrying out similar operations without using a vCISO platform, suggesting significant cost and time-saving benefits to adoption.

"This report testifies to a desperate need on the part of SMBs and SMEs for vCISO services," said David Primor, Ph.D., co-founder and CEO of Cynomi. "These businesses are sinking under the weight of countless new regulations and are more eager than ever for the kind of guidance only vCISOs can provide. Service providers who are already offering these services have seen operational costs shrink and revenue soar—and so it's no surprise that so many more intend to offer vCISO services in the months and years ahead."

Cybersecurity compliance is a notable pain point for service providers, with 93% of respondents feeling overwhelmed by regulatory compliance frameworks as PCI-DSS or GDPR and 74% feeling overwhelmed by cybersecurity frameworks like NIST and ISO.

"Service providers today are operating in an ultra-competitive market in which the need to differentiate is a must," added David Primor. "The results of this report underline just how essential vCISO services are to this differentiation. The gap between the number of SMBs who want vCISO services and the number of service providers who offer them is alarmingly wide, but this gap presents a significant opportunity for enterprising MSPs and MSSPs. Closing that gap is one of the chief tasks facing service providers today."

According to the report, those resistant to vCISO services cite issues such as technology or knowledge gaps in cybersecurity or compliance, as well as a lack of skilled personnel or a high initial investment. Increasingly, though, service providers are aware that vCISO platforms actually solve all of these issues. Accordingly, the vast majority of service providers—98%—intend to offer vCISO services to their clients in the future, and 39% plan to offer them by the end of this year.

On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Research unveils data-driven, condition-based device refresh approach, supported by...
Gartner, Inc. predicts that through 2027, Fortune 500 companies will shift $500 billion from energy...
2025 will see UK businesses undertake a major shake up of their IT and data practices, new research...
Study sees UK businesses placed lowest of ten countries for multi-year sustainability planning,...
70% of UK decision-makers place strong trust in AI technologies, but the vast majority (83%) are...
Software AG has found that half of all employees are using Shadow AI (i.e. non-company issued AI...
AVEVA has partnered with Vulcan Energy Resources and Oxford Quantum Circuits to advance business...