After years of surging cyber crime rates, CEOs and industry experts acknowledge the need for executive leadership on cybersecurity. Unfortunately, the shortage of qualified candidates has led to a dramatic spike in compensation, putting CISOs out of reach for many small and medium-sized businesses (SMBs). However,SMBs have an option that large enterprises don’t: the Virtual Chief Information Security Officer or vCISO. Virtual CISOs have the same credentials, knowledge, and expertise as traditional CISOs, but they work with several companies at once, scaling their efforts to fit the needs and budgets of individual organizations. 

vCISOs By The Numbers

200,000+ Unfilled Positions in the US — The market for cybersecurity professionals is growing so rapidly that it’s difficult to find qualified employees at all levels. Recent graduates can fill entry-level positions, but it takes years of experience to align cybersecurity and business goals or foster a culture of security within an organization.

$16,000 per year — CISO salaries are on the rise, starting around $140,000 and surging over $320,000 in metro areas. SMBs face a difficult choice: forgo the benefits of a CISO or hire someone with less leadership experience, willing to work for less money. Rather than settling, partner with a vCISO. The starting rates for vCISOs are closer to $16,000 per year. As an added benefit, there’s no reason to worry another company will swoop in and make your vCISO a better offer, forcing you to start the hiring process all over again.

500 Workstations vCISOs are best suited to organizations with no more than 500 workstations and two data centers. If your tech infrastructure is larger than that, the time and services required from a vCISO would not be cost-effective.

15 Years of Experience Anyone offering vCISO services should be as qualified as a traditional, in-house CISO. Fully vet candidates and firms, looking for at least 15 years of experience, extensive business, financial, and technical skills, and proper certifications.

1 Team The vCISO is a member of your team, not an outside consultant. They should work in close collaboration with other decision-makers and report directly to the CEO or another C-level executive. This level of integration is essential to maximize ROI, drive organizational change, and create a culture of cybersecurity within the organization.

To learn more about how vCISOs are helping SMBs transform their cybersecurity programs, download our white paper: The Emergence of the Virtual Chief Information Security Officer.