The State of the Virtual CISO 2023

MSPs and MSSPs recognize the business potential of offering vCISO services. Read all you need to know about this latest industry development in Cynomi’s detailed report.

The state of the vCiso 2023 Report. Man, looking at vCiso Dashboard.

vCISO services have caught the attention of MSPs and MSSPs as a lucrative business opportunity. However many of them face significant challenges, such as a shortage of experienced personnel, limited expertise in security and compliance, and difficulties in achieving scalable operations. This report dives into this predicament and investigates it thoroughly.


Expected Increase in MSPs and MSSPs Offering vCISO Services

More than two thirds, 67%, of security-focused MSPs and MSSPs plan to add vCISO services to their offering by the end of 2024.

Statistical results from the 2023 vSico survey concluded that 44% of respondents considered it an easy upsell of other products and services, a 43% increase in margins, and 42% improving customer security.

vCISO Services –
A Lucrative Opportunity

The main benefit of offering vCISO services is the ability to easily upsell more products and services, per 44% of respondents. This is followed by increased margins (43%) and improving customer security (42%).

The bar graph shows statistics around limited security compliance knowledge, the high initial cost of investment, and the lack of skilled cybersecurity personnel, making vCISOs a viable solution for MSSPs.

But it’s not that easy…

Knowledge and a skills gap are a major challenge.
More than a ⅓ of MSPs and MSSPs state they

  • Have limited security or compliance knowledge.
  • Are worried about the high initial investment.
  • Lack the skilled cybersecurity personnel.
Survey results show that 91% of respondents considered that growing or offering vSICO services requires growing your cyber security team, and 63% of companies can't afford hiring new cybersecurity experts.

Hiring Cybersecurity Experts is the Main Blocker to Offering vCISO Services

91% think that growing or offering vCISO services requires growing their cybersecurity security team. But 63% cannot afford hiring new cybersecurity professionals.

For MSPs and MSSPs to grow their business and scale, they need to offer vCISO services.
They should offer a comprehensive set of services, including risk management, compliance, security policies, remediation plans, security training, vulnerability management, incident response, and more. They also need to provide clear reporting and help their security clients communicate and evangelize up and across the organization. Without these capabilities, MSPs and MSSPs will not realize their full potential.

Cynomi's survey results showcase a deeper understanding of the challenges facing MSPs and MSSPs today. The survey included 200 security and IT leaders (C-level, VPs, Heads, Directors) in MSPs and MSSPs of all sizes.


Cynomi commissioned this survey to get a deeper understanding of the challenges facing MSPs and MSSPs today. The survey included 200 security and IT leaders (C-level, VPs, Heads, Directors) in MSPs and MSSPs of all sizes. The respondents were from North America. They all offer cybersecurity services, and some offer additional networking services. The respondents were recruited through a global B2B research panel, and invited via email to complete the survey. Global Surveyz, an independent survey company, completed the survey which took place during June and July 2023.

Get your copy of the Report Today