The rise and rise of the vCISO


Cybercrime saw a sharp increase over the COVID-19 pandemic, yet in a recent IDG report, 78% of executives expressed a lack of confidence in their organisation’s ability to deal with cyber risk. This highlights how important it is to have the right expertise in place to maintain a strong security posture in today’s world.


One of the key cyber security challenges organisations face is understanding their own cyber security risk, identifying the most appropriate levels of controls for their sector, and allocating budget and resources to do so. A highly qualified CISO (Chief Information Security Officer) is able to put in place effective security strategies that reduce risk, but not all businesses can afford an in-house CISO.


That’s why many companies are looking to the support of a virtual Chief Information Security Officer (vCISO) to fill this gap.


What is a vCISO?

vCISOs are becoming increasingly popular for businesses that recognise the importance of maintaining a secure environment but may not be ready to hire a C-level security executive. A vCISO is an external security professional or outsourced service that helps to architect the organisation’s security strategy and may also implement it.


Building and maintaining a cyber security team can be a slow and expensive process. A vCISO gives companies immediate access to expertise and technology that has a rapid impact, improving cyber security posture and processes and minimising risks. Internal security staff may still be required within the company, helping to execute the security programme put in place by the vCISO.


Why choose a vCISO over an internal CISO?


It’s more cost effective

The national average salary for a CISO in the United Kingdom is £116,960 per year according to Glassdoor, which is a significant expense for small and medium-sized businesses, and there would still be added costs for security monitoring software and other tools. The cost of an outsourced vCISO can vary and usually depends on the nature of the business and the amount of support required. A vCISO contract may be based on a monthly or yearly retainer, allowing for increased flexibility to scale up or down depending on needs.


Access to a team of experts

Many companies offering “CISO-as-a-service” are able to pull in multiple team members rather than just one person acting as the vCISO. For example, if a company is struggling with a particular area of security, a penetration tester or digital forensics specialist may be useful and the provider will be able to offer these skills. Furthermore, a vCISO is a highly qualified cyber security professional and is objective and independent from your organisation, making it easier to evaluate your team and security posture in a non-biased way.


Reduced business risk

A virtual CISO service takes care of regular testing of cyber security processes and technology, helping businesses minimise their security risks whilst ensuring continued compliance with the latest regulation. By using external expertise, companies can benefit from a more dynamic approach to security dependent on their specific requirements. The risk of cyber security threats can be more easily reduced by leveraging deep cyber security and technical expertise in a tailored, yet flexible manner.


vCISO is a virtual CISO service, managed by Crossword’s cyber security experts. The vCISO service provides clients with a virtual cyber security team and network protection at a fraction of the cost of building their own in-house team, at a time when building such teams can take many months and skills are in short supply.


Learn more by visiting our Consulting page.