Fractional and Virtual CISO Growing Popularity

Jan 5, 2020

Fractional and Virtual CISO services are growing in popularity. This is just the latest area in the growing fractional executive market. What is the cause of this trend?  Think of it this way. Most companies don’t own the jets they use to transport their C-Suite executives around the world. Before the concept of the sharing economy was mainstream, companies were sharing one of their largest costs. They either owned a fraction of a jet, or they used a sharing company that gave them on-demand access when they needed it without the headaches of ownership (think the Uber of the skies).


This concept has become increasingly popular when it comes to talent. One of the next places where the on-demand/fractional ownership model is growing is with the C-Suite executives themselves, specifically with Chief Information Security Officers (CISOs) and the notion of fractional or virtual CISO services. This is the perfect solution for small and medium-sized businesses, which should be considering hiring a fractional CISO.


The Average Breach Costs $3.86 Million USD

A study from IBM found that the global average cost of a cyber breach increased by 6.4 percent from 2017 to 2018 to a total of 3.86 million USD – a figure that could push many small and medium-sized businesses into insolvency. However, small businesses usually require the experience and skills of a CISO only on an interim basis. Hiring fractional or virtual CISO services is more cost-effective for short to medium-term needs.

When it comes to cybersecurity, you don’t want to be hiring your CISO after a breach, as the reputational damage and remediation costs will far exceed what it would have cost to hire a fractional CISO in the first place. Worse yet, if you operate in a regulated industry (such as banking or pharmaceuticals) there may be regulatory implications.

Reasons to Hire a Fractional or Virtual CISO

Below are some of the additional top reasons you might choose to go with fractional or Virtual CISO services:

1. You suffered a cyber breach

Hiring an experienced CISO on a short-term basis to help steer you through responding to and remediating a breach can be a cost-effective way to deal with the issue. Many businesses – especially smaller ones – cannot justify the cost of an executive that may never be necessary. However, it’s best if your CISO hire is not a reaction to a security breach; have one in place to prevent the breach in the first place. Other options, such as hiring an external consulting party, can be enormously expensive.

2. You don’t need a full-time CISO or can’t afford one

You recognize the importance and value of an experienced CISO, but do not need one full-time or can’t afford it. Many owners offer equity in lieu of pay, and while this decreases costs, it also decreases your ownership stake. With a high-growth, small to medium-sized company, diluting ownership may not be in your best interests. Having a fractional CISO means this may not be necessary.

3. You are expanding into a new regulatory environment

A great example is the European Union (EU), which recently implemented a new law called the General Data Protection Regulation (GDPR). If you do business in the EU, then this will apply to you. Fines for non-compliance can be substantial as they can range from a warning to 4% of your global turnover (capped at 20 million GBP). Thus, it’s important to ensure you have carefully determined what your obligations are. In this case, it can be an enormous advantage to hire a fractional CISO with direct experience in the regulations that apply in your situation. You also only pay for what you need, so there is no expensive idle time.

Consumers Care About What Happens to Their Data

Not only can breaches be expensive, they can also be ruinous in terms of reputational damage. A recent PwC study found that consumers are concerned about how companies protect their privacy. PwC found that just 25% of respondents stated they believe companies will handle their sensitive data responsibly. Furthermore, 87% of consumers stated that they would take their business elsewhere if they don’t trust a company handling their data.

The Drive to Hire Fractional or Virtual CISO Services

With an ever-evolving cyber threat landscape, having an experienced cyber leader can make all the difference in protecting consumer data while building their trust and the reputation of the company. These statistics affect businesses of all sizes, but smaller companies often do not have the resources to keep a full-time CISO on staff.

Being able to customize both the cost and expertise required for short-term needs unlocks great value for many companies. In the future, expect to see more and more small and medium-sized businesses utilizing fractional or virtual CISO services.


John R. Miles is a Navy veteran and the founder and CEO of OVESTO, the leading provider of on-demand executive staffing. OVESTO provides transformational leaders for fractional, interim or project assignments. Miles is widely viewed as an expert on digital disruption, problem-solving, and business transformation. He is a highly sought after speaker, consultant, and writer. Miles has significant business experience as a Fortune 50 CIO, ASX 10 CISO, and seasoned private equity leader in CEO, CMO, and COO roles across several diverse industries.

