2024年虚拟CISO现状报告

Why most MSPs and MSSPs will soon offervCISOservices September2024 Table ofContents Introduction and Key FindingsvCISOServices21% of MSPs and MSSPs are Already OfferingvCISOServices98% of Service Providers withoutvCISOServices Plan to Offer These in the Future43% of MSPs and MSSPs Believe thatvCISOServices will Improve Customer SecurityWhat’s Holding Service Providers Back from OfferingvCISOServices?93% of Service Providers are Overwhelmed by Cybersecurity FrameworksThe Majority of Service Providers that Offer vCISO Services See Increase in Revenue or MarginsA Third of Service Providers See the Operational and Financial Benefits of Using avCISOPlatform2025vCISOLandscapeThe Larger the Service Provider, the More Likely They are to Expand on Cybersecurity in 202575% see high demand for vCISO services among their customer baseDemographicsAboutCynomi378910111213141516171820 Introduction and Key Findings Introduction &Methodology When it comes to cybersecurity, small and medium-sized businesses (SMBs)recognize that no-one is safe.Every organization, no matter its size, is now atarget. Tasked with protecting their own customers in a supply chain that is onlygetting more complex, keeping up with compliance mandates that can often feellike moving targets, and jumping through hoops to meet the frameworks requiredby cyber insurance companies, it’s never been more important for SMBs to closeup their cybersecurity gaps. Methodology To understand the true state of thevCISOmarket we commissioned a surveyof200senior security leaders from the U.S. and Canada, split evenly betweenMSSP and MSP companies. These respondents include CEOs, CIOs, CISOs,COOs,vCISOs, Heads of Security and Senior Security Consultants. Wescreened for IT companies with50or more employees that providecybersecurity strategic services or cybersecurity consulting. On this backdrop, it’s no surprise that the Virtual CISO (vCISO) market is gainingsignificant traction, allowing SMBs to gain the benefits of security knowledge,expertise and technology, without the heavy investment of onboarding a full-timeCISO in-house. For Managed Service Providers (MSPs) and Managed SecurityService Providers (MSSPs), offeringvCISOservices will soon be table stakes. The survey was completed by GlobalSurveyz, an independent surveycompany, and took place during June and July2024. The respondents wererecruited through a global B2B research panel, and invited via email tocomplete the survey. The average amount of time spent on the survey was6minutes and14seconds. The answers to the majority of the non-numericalquestions were randomized, in order to prevent order bias in the answers. AtCynomi, we believe that information about the opportunities of avCISOsolution belong to everyone, and as thought leaders in this space, we are focusedon collecting and sharing the data that supports service providers and theirbusiness growth. For the second year in a row, our State of the Virtual CISOReport asks MSPs and MSSPs where they are on theirvCISOroadmap. We invitethem to share the challenges they are facing in their business, the level of demandthey see for cybersecurity services, the blockers they are experiencing tovCISOadoption, and for those who are already offeringvCISOservices–the results theyare experiencing, as well as how these align with their strategic goals. Key Findings More than one fifth of MSPs and MSSPs are now offeringvCISOservices The importance of Virtual CISO (vCISO) services is gaining a lot of traction with today’s service providers,and is almost ubiquitously on the organizational roadmap. Last year,19% of MSPs and MSSPs wereofferingvCISOservices, while this year that percentage has grown to21%. In addition, of the remaining79% who do not currently offer them,98% plan to offervCISOservices to their clients in the future, and39% are in the final stages of the process, planning to havevCISOservices to offer by the end of2024, ifnot earlier. 02The top benefits ofvCISOservices overlap with organizations’most strategic goals When we asked service providers who offervCISOservices about the benefits they experience, we founda tight overlap between those benefits and the wider strategic goals that service providers are looking toachieve over the next12months. Those who have avCISOoffering see growth in areas including theamount of recurring revenue they generate, the ease of upselling opportunities, the depth of customerengagement, their overall margins, and their ability to achieve true differentiation in their market. Those who don’t offervCISOservices cite valid, but addressable objections Those who do not currently offervCISOservices cite issues such as technology or knowledge gaps incybersecurity or compliance, as well as lack of skilled personnel, or a high initial investment. In reality, avCISOplatform would solve all of these issues and more, offering built-in CISO-level expertise, a lowbarrier to entry, and making it easier to sellvCISOservices as we