2025年虚拟CISO现状：AI重塑网络安全与合规服务

How AI is Reshaping Cybersecurity and Compliance Services Survey Report|July 2025 Table of Contents Introduction and Key Findings ……………………………………………………………………………………………………………………………………………3Meeting the Demand for Advanced Cybersecurity Services ………………………………….………………….………………….…………………….7SMB Clients Are Driving High Demand for vCISO Services ………………………………….………………….……………………………………….……………….8Demand for Advanced Cybersecurity Services is Rising Across the Board ……………….…………………………………………………………………….9vCISO Services Surge as More Providers Respond to Market Demand …….………………………………………….…………………………………………. 10vCISO Providers Report Wide-Ranging Business and Security Benefits ……….…….………………………………………….………………………………... 11Even Non-Adopters See the Value in vCISO Services ……….…….……………………………………………………………………….……………………………….. 12Risk Assessments Offer Clear Value and a Path to vCISO Services …..……….…….………………………………………………………………………………. 13Cost and Resource Constraints are the Main Barriers to vCISO Adoption …..……….…….……………………………………………………………………. 14Most Providers without vCISO Offerings Plan to Add Them Soon …..……….…….…………………………………………………………………………………. 15How AI is Reshaping Cybersecurity and Compliance Services…..……….…….……………………………………………………………………………………16AI is Poised to Improve Cybersecurity and Compliance Services …..……….…….……………………………………………………………………………..……. 17Providers See Broad Potential for AI Across Cybersecurity and Compliance Tasks …..……….…….………………………………………………..……. 18Most vCISO Providers are Already Using AI and Automation …..……….…….……………………………………………………………………………….…..…….. 19 What’s Next for Service Providers…..……….…….……………………………………………………………………………………………………………………………...…….22AI Adoption is Set to Grow Across Cybersecurity and Compliance Services …..……….…….…………………………………………………………..…….. 23 About Cynomi…..……….…….………………………………………………..………………………………………………………………………………………………………………..……27 Introduction andKey Findings Introduction & Methodology When we launched the State of the Virtual CISO survey three years ago, the goal was tobetter understand how service providers are evolving their cybersecurity and complianceofferings and adopting the vCISO (virtual CISO) model. As the market continues to mature, METHODOLOGY To understand the current state of the vCISO market and how cybersecurityand compliance services are evolving, we commissioned a survey of 200senior security leaders from the U.S. and Canada, split evenly between MSPs This year’s data tells a clear story: vCISO services are rapidly moving into the mainstream. Injust one year, the share of providers offering these services has jumped from 21% to 67%.The survey audience remained consistent with previous years, reflecting growing demand The survey targeted IT companies that provide cybersecurity consulting orstrategic cybersecurity services. MSP respondents represented companies with50 or more employees; MSSPs had a minimum of 10 employees. The audience At the same time, the definition of “vCISO services” is evolving. What began as a focusedoffering has expanded into a wider range of cybersecurity and compliance activities,including everything from risk assessments and continuous compliance readiness to The survey was conducted by Global Surveyz, an independent research firm,and fielded during May 2025. Respondents were recruited through a globalB2B research panel and invited via email to complete the survey. Most We also explored new territory in this year’s survey, adding questions on AI and automation,tools that are increasingly critical to service provider success. The results offer insight notjust into where the vCISO market stands today, but into where cybersecurity and compliance 01 High demand for vCISO services jumped from 75% in 2024 to 79% in 2025, with combined high and moderatedemand now reaching 96%. Larger providers are especially likely to report strong demand, with 86% of companieswith 1,000+ employees indicating high client interest. This trend signals that structured, ongoing cybersecurity support 02 In 2024, only 21% of MSPs and MSSPs said they were offering vCISO services. By 2025, that number surged to 67%, a 319% increase. This dramatic shift reflects both rising market demand and the fulfillment of last year’s stated intentions,when 74% of non-adopters said they planned to launch vCISO services by the end of 2025. 03 Among providers not currently offering vCISO services, 50% plan to do so by the end of 2025, and another 27% aretargeting 2026. Only 3% have no plans at all. This signals a clear market direction: vCISO is moving from an emergingoffering to an expected part of any full-service cybersecurity portfolio. 04 Among providers who have not yet launched vCISO services, the top reasons include concerns about profitability(35%), high initial investment (33%), and a lack of skilled cybersecurity staff (32%). These are real challenges, but theyare more about resources and ramp-up than doubts about the model itself, and many could be eased with the right 05 A fu