Virtual CISO: too good to be true?
The SRM Blog

Written by Julia Wailes-Fairbairn

5th March 2019

There are some things in life that are simply too good to be true: miracle diets, offers of millions from Nigerian princes and free lunches, to name but a few. It is therefore a natural human instinct to be cynical when offered something which claims to solve all your problems without costing the earth. So we understand why the concept of a truly first-class service from a Virtual Chief Information Security Officer (vCISO), at a fraction of the cost of a resident human being, may appear to be stretching credibility. But it isn’t. Encompassing the whole gamut of the CISO function, the best vCISO services not only meet the standard of a resident CISO but actually surpass it in a number of ways.

There are several reasons for this. Firstly, consider the alternative. The reality is that high-calibre CISOs are in very short supply. There is plenty of evidence to show that recruitment is a real issue both in the UK and across the globe. As a result, those with the expertise and experience are in high demand and command inflated salaries. What is more, retention levels are low, with the average tenure lasting between 18 and 24 months. This not only presents a problem in terms of continuity in delivering your information security strategy but means that the whole recruitment process and its associated costs recur with alarming regularity.

In contrast, the Virtual CISO service has inbuilt cost-savings and longevity. By its very nature, it hits the ground running, has resilience built in and continual development at its core, and delivers an uninterrupted service over a period of many years. Yet SRM’s vCISO service costs on average 30 – 40 per cent of the salary of a top-class CISO and there are no additional recruitment or attraction costs. The benefits, however, go well beyond the financial.

Supported and resourced by a team of industry experts with the highest level of qualifications and industry experience, our vCISO service brings wide-ranging skills direct to your board room. What is more, as President Harry S. Truman famously said: ‘the buck stops here’. Just because the service is virtual, the same levels of accountability apply to the vCISO team. We help with the responsibility for your organisation’s online security as well as evidencing adherence to all industry, regulatory and legal standards.

What is more, the virtual CISO model is bespoke, flexible and can be used as little or as much as required, depending on the individual company. In some cases we can support the existing in-house team with additional resource. In others, we can take on the entire role. Whatever your current cyber maturity level, it is worth exploring the benefits of SRM’s industry-leading vCISO service. Our high level of client retention is testament to the fact that, on this occasion, it actually isn’t too good to be true.

Keep an eye out for our webinar on this subject later this week.

If you would like to find out more about SRM’s VirtualCISO™ service, contact or call 03450 21 21 51.

For more information on SRM’s VirtualCISO™ service, visit our website.

Or read our blog:

How a CISO can exert influence at board level

Pen testing: seeing both the wood and the trees

Retained Forensics and Incident Response Service: how planning for the worst can add value to your business
