vCISO platform vendor Cynomi today released the findings of a new report focused on the opportunity available to MSPs and others in the channel through virtual CISO offerings. The report comes from Cynomi but was built on surveys completed by a third-party vendor.
vCISO demand is out pacing supply, but MSPs want to catch up
Cynomi’s State of the Virtual CISO Report 2024 highlighted that 21% of MSPs and MSSPs currently offer vCISO programs, but that upwards of 98% of providers surveyed want to add the service offering “in the future,” with 39% planning to offer vCISO services by the end of 2024.
The report also found that as many as 75% of service providers report high demand from their customers for vCISO functionality, showing a high demand for specialized offerings in much lower supply.
“Service providers today are operating in an ultra-competitive market in which the need to differentiate is a must,” said CEO David Primor in a press release. “The results of this report underline just how essential vCISO services are to this differentiation. The gap between the number of SMBs who want vCISO services and the number of service providers who offer them is alarmingly wide, but this gap presents a significant opportunity for enterprising MSPs and MSSPs. Closing that gap is one of the chief tasks facing service providers today.”
Resources and technical, regulatory skills keeping some from financial growth
The gap between those who have established the offering and those who have not is explained by the report as largely being a skills and resources issue. The press release announcing the report pointed to “technology or knowledge gaps in cybersecurity or compliance, as well as a lack of skilled personnel or a high initial investment” as key issues holding providers back from adding vCISO to their offerings.
Additionally, the report found that compliance “is a notable pain point for service providers.” 93% of respondents reported feeling overwhelmed by regulatory compliance frameworks like PCI-DSS or GDPR and 74% said they felt overwhelmed by cybersecurity frameworks like NIST and ISO.
Cynomi’s report also detailed the financial growth associated with vCISO services that MSPs and others might expect to see if they add the offering to their portfolio. According to the report, of the provders included in the research:
- 37% increased their margins as a result of offering vCISO services.
- 34% increased their revenue, with the majority of them reporting an increase of 20% or higher.
- 46% of respondents said their customer security was improved.
- 44% noticed a marked upswing in customer engagement.
Primor said he believes MSPs and MSSPs are in a prime position to drive value to their customers, even if some still don’t know vCISO services by their name or have not reached out to ask their providers for such services in the past.
“Cybersecurity threats and compliance concerns aren’t going anywhere. Businesses of all sizes will experience a continuous increase in the need for cybersecurity management in order to be cyber resilient,” Primor told Channel Insider. “In addition, compliance will remain a burning issue as regulatory requirements across the board get higher and more demanding. To add on all of that, cyber insurers increase their requirements. All that will drive additional demand for vCISO services, there is no doubt about that.”
“SMBs are likely to reach out to their IT or security service providers as a default, sharing their need for cybersecurity and compliance. Those SMBs might not call it ‘vCISO’, but if they want to ensure [they are] cyber resilient, vCISO is what they need. MSPs and MSSPs are in the right position to explain to their clients that the answer to improving their security and keeping them compliant at all times, is vCISO services,” Primor added.
Cynomi continues to expand vCISO solutions through directory, platform
The Cynomi report is one of several recent announcements made by the company. In August the vendor released its “vCISO Directory” to provide a way for businesses to find providers that can offer them vCISO services.
“They can filter by location, look for specific services, check the company size and more,” Primor said. “They can also get tips and information about engaging with a vCISO vendor and some best practices like what to ask a vCISO vendor, how to evaluate the impact of the vCISO program, when to start such a program and how to select the right vendor.”
Channel Insider recently spoke with several providers and Cynomi CEO David Primor about why they offer vCISO services and how they structure their programs to best serve their clients.