Stateofthe

VirtualCISO2025

HowAIisReshapingCybersecurityandComplianceServices

SurveyReport|July2025

TableofContents

IntroductionandKeyFindings 3

MeetingtheDemandforAdvancedCybersecurityServices 7

SMBClientsAreDrivingHighDemandforvCISOServices 8

DemandforAdvancedCybersecurityServicesisRisingAcrosstheBoard 9

vCISOServicesSurgeasMoreProvidersRespondtoMarketDemand 10

vCISOProvidersReportWide-RangingBusinessandSecurityBene?ts 11

EvenNon-AdoptersSeetheValueinvCISOServices 12

RiskAssessmentsO?erClearValueandaPathtovCISOServices 13

CostandResourceConstraintsaretheMainBarrierstovCISOAdoption 14

MostProviderswithoutvCISOO?eringsPlantoAddThemSoon 15

HowAIisReshapingCybersecurityandComplianceServices 16

AIisPoisedtoImproveCybersecurityandComplianceServices 17

ProvidersSeeBroadPotentialforAIAcrossCybersecurityandComplianceTasks 18

MostvCISOProvidersareAlreadyUsingAIandAutomation 19

AIDeliversMeasurableE?ciencyGainsforvCISO 20

vCISOProvidersSeeGreaterPotentialforAItoSaveTime 21

What’sNextforServiceProviders 22

AIAdoptionisSettoGrowAcrossCybersecurityandComplianceServices 23

ServiceProvidersareFocusedonGrowthandOperationalStrength 24

Demographics 25

AboutCynomi 27

StateoftheVirtualCISO2025

IntroductionandKeyFindings

Introduction&Methodology

WhenwelaunchedtheStateoftheVirtualCISOsurveythreeyearsago,thegoalwasto

betterunderstandhowserviceprovidersareevolvingtheircybersecurityandcomplianceo?eringsandadoptingthevCISO(virtualCISO)model.Asthemarketcontinuestomature,sodoesthisannualreport,highlightingkeytrends,challenges,andopportunitiesforMSPs,MSSPs,andcybersecurityconsultanciesnavigatingashiftinglandscape.

Thisyear’sdatatellsaclearstory:vCISOservicesarerapidlymovingintothemainstream.Injustoneyear,theshareofproviderso?eringtheseserviceshasjumpedfrom21%to67%.

Thesurveyaudienceremainedconsistentwithpreviousyears,re?ectinggrowingdemandamongSMBclientsformorestructured,proactivesecuritysupport,andaclearaccelerationinhowprovidersareresponding.

Atthesametime,thede?nitionof“vCISOservices”isevolving.Whatbeganasafocused

o?eringhasexpandedintoawiderrangeofcybersecurityandcomplianceactivities,

includingeverythingfromriskassessmentsandcontinuouscompliancereadinessto

managingclients’cybersecurityroadmapsandcyberresilience.Thisbroaderapplication

re?ectshowserviceprovidersarethinkingmorestrategicallyaboutcybersecurityasadriverofbothprotectionandgrowth.

Wealsoexplorednewterritoryinthisyear’ssurvey,addingquestionsonAIandautomation,toolsthatareincreasinglycriticaltoserviceprovidersuccess.Theresultso?erinsightnot

justintowherethevCISOmarketstandstoday,butintowherecybersecurityandcomplianceservicesareheadednext.

Asaleaderinthisspace,Cynomiremainscommittedtohelpingchartthatpathforward.

METHODOLOGY

TounderstandthecurrentstateofthevCISOmarketandhowcybersecurityandcomplianceservicesareevolving,wecommissionedasurveyof200

seniorsecurityleadersfromtheU.S.andCanada,splitevenlybetweenMSPsandMSSPs.Respondentsheldseniorroles,includingOwner,CEO,CIO,CISO,COO,vCISO,HeadofSecurity,andSeniorSecurityConsultant,withall

participantsatthedirectorlevelorabove.

ThesurveytargetedITcompaniesthatprovidecybersecurityconsultingor

strategiccybersecurityservices.MSPrespondentsrepresentedcompanieswith

50ormoreemployees;MSSPshadaminimumof10employees.Theaudiencepro?leremainedconsistentwithpreviousyears,allowingforreliable

year-over-yearcomparisons.

ThesurveywasconductedbyGlobalSurveyz,anindependentresearch?rm,and?eldedduringMay2025.RespondentswererecruitedthroughaglobalB2Bresearchpanelandinvitedviaemailtocompletethesurvey.Most

non-numericalquestionswererandomizedtomitigateorderbiasinresponses.

04

KeyFindings

StateoftheVirtualCISO2025

01DemandforvCISOservicesisgrowingrapidlyacrosstheMSPandMSSPlandscape.

HighdemandforvCISOservicesjumpedfrom75%in2024to79%in2025,withcombinedhighandmoderate

demandnowreaching96%.Largerprovidersareespeciallylikelytoreportstrongdemand,with86%ofcompanies

with1,000+employeesindicatinghighclientinterest.Thistrendsignalsthatstructured,ongoingcybersecuritysupportisbecomingastandardclientexpectation,andserviceprovidersthatdelaymayriskfallingbehind.

02vCISOserviceadoptionhasmorethantripledyearoveryear.

In2024,only21%ofMSPsandMSSPssaidtheywereo?eringvCISOservices.By2025,thatnumbersurgedto67%,a319%increase.Thisdramaticshiftre?ectsbothrisingmarketdemandandtheful?llmentoflastyear’sstatedintentions,when74%ofnon-adopterssaidtheyplannedtolaunchvCISOservicesbytheendof2025.

03Mostnon-adoptersplantoaddvCISOservicessoon.

Amongprovidersnotcurrentlyo?eringvCISOservices,50%plantodosobytheendof2025,andanother27%aretargeting2026.Only3%havenoplansatall.Thissignalsaclearmarketdirection:vCISOismovingfromanemergingo?eringtoanexpectedpartofanyfull-servicecybersecurityportfolio.

04Barrierstoo?eringvCISOservicesaremostlyoperational.

AmongproviderswhohavenotyetlaunchedvCISOservices,thetopreasonsincludeconcernsaboutpro?tability

(35%),highinitialinvestment(33%),andalackofskilledcybersecuritysta?(32%).Thesearerealchallenges,buttheyaremoreaboutresourcesandramp-upthandoubtsaboutthemodelitself,andmanycouldbeeasedwiththerightplatformandsupport.

05

KeyFindings

StateoftheVirtualCISO2025

05ServiceproviderswidelyagreethatAIwillimprovecybersecurityandcomplianceservices.

Afull95%ofrespondentsbelieveAIcanenhancetheservicestheydeliver,with50%stronglyagreeing.Thepotentialbene?tsspanawiderangeoftasks:46%seevalueincompliancereadiness,whileothershighlighttaskprioritization(40%),clientcommunication(39%),automatedreporting(38%),andriskorsecurityassessment(37%).Theconsensusisclear:AIwillreshapehowservicesaredeliveredacrosstheboard.

06vCISOprovidersareleadingthewayinAIadoption.

Amongrespondentsalreadyo?eringvCISOservices,81%areactivelyusingAIorautomationtoolsintheirdelivery,andanother15%plantoadopttheminthenext12months.Theseprovidersarealreadyseeingreturnsintheformoftimesavings,scale,ande?ciency,con?rmingthatAIisnolongerexperimentalbutoperationalinhigh-performing

practices.

07AIisdeliveringmajortimesavingsinvCISOwork?ows.

vCISOprovidersusingAIreportanaverage68%reductionincybersecurityandcomplianceworkloadoverthepast

year.Overhalfsaythey’vesavedatleast60%oftheire?ort.Theseresultsdemonstratehowsigni?cantlyautomationisimprovingday-to-dayoperationsforthosealreadyusingit,allowingteamstodelivermorewithlessmanuallift.

08AIadoptionisbecominganear-universalpriorityamongserviceproviders.

MorethanhalfofMSPsandMSSPssurveyedarealreadyusingAI-driventoolsforcybersecurityandcompliance,andanother44%plantoadoptthembytheendof2026.Only1%havenoplanstoimplementAIatall.Thismomentumre?ectsgrowingcon?denceinAI’sroleinstreamliningoperationsandimprovingservicedelivery,makingitacentralfocusfornearlyeveryprovider.

06

MeetingtheDemandfor

AdvancedCyberServices

SMBClientsAreDrivingHighDemandforvCISOServices

WeaskedMSPandMSSPleadershowtheywouldratethecurrentdemandforkeyadvancedcybersecurityandcomplianceservicesamongsmalland

medium-sizedbusinesses(SMBs)intheirclientbase.

Theresultsshowstrongdemandacrosstheboard,withvCISOservices

receivingthehighestshareofrespondentsreportinghighdemand(79%).Otherservices,includingcompliancereadiness(30%),cyberinsurancereadiness

(27%),strategiccybersecurityplanning(25%),andcyberriskassessment(22%),alsorepresentmeaningfulopportunities,particularlywhenintegratedintoa

broaderserviceo?ering.

Inmanycases,providersuseserviceslikecybersecurityriskassessmentsorcomplianceevaluationstouncovergapsandstartdeeperconversationsaboutongoingsupport.Theseservicesmaynotbehighinstandalonedemand,butthey’reoftenkeystepsintheclientjourneytowardmorecomprehensive

ongoingcybersecurityorcompliancemanagement.

WhenlookingatdemandforvCISOservicesbyprovidersize(Figure2),aclearpatternemerges:86%oflargecompanies(1,000+employees)reporthigh

demand,comparedtojust68%ofsmallerproviders(51–199employees).

StateoftheVirtualCISO2025

Demandrisessteadilywithsize,pointingtoashiftinboththematurityoftheproviderandtheexpectationsoftheirclients.

vCISOservices

Compliancereadiness

Cyberinsurancereadiness

Strategiccybersecuritymanagementand

planning

Cyberriskassessment

30%55%14%

27%56%15%

25%60%14%

25%61%16%

79%17%

4%

1%

2%

1%

1%

●Highdemand

●Moderatedemand

Lowdemand

Nodemandatall

Figure1:DemandforAdvancedCybersecurityServicesAmongSMBClients

79%

Allrespondents

68%

51-199

84%

200-499

83%

500-999

86%

1000+

08

Figure2:“vCISOServices-HighDemand"byCompanySize

DemandforAdvanced

CybersecurityServicesisRisingAcrosstheBoard

Tounderstandhowdemandforcybersecurityandcomplianceservicesis

evolving,wecomparedthisyear’sresultswiththe2024surveydata.The

Cyberinsurancereadiness

?ndingsshowaclearupwardtrendacrossmostservicecategories,indicatingthatSMBsareincreasinglyseekingmorecomprehensivesupportfromtheirserviceproviders.

Whenwelookatcombinedhighandmoderatedemand,vCISOservicesremaintheclearfront-runner,risingfrom94%in2024to96%in2025.Compliance

Strategiccybersecuritymanagementandplanning

readinessfollowsasimilartrend,climbingfrom72%to86%.Theseincreasesre?ectthegrowingpressureonSMBstomeetregulatoryrequirementsandimprovetheiroverallcybersecurityposture.

Cyberinsurancereadiness,strategiccybersecurityplanning,andcyberriskassessmentalsoshowsteadydemand.

Overall,thetrendisclear:demandisgrowingacrosstheboard.Regardlessofwhichadvancedservicesaproviderchoosestoo?er,SMBclientsaremore

awarethaneveroftheneedforstructured,forward-lookingcybersecurity

StateoftheVirtualCISO2025

support.ForMSPsandMSSPs,thisshiftrepresentsbothachallengeandasigni?cantopportunitytodeepentheirrelationshipsandexpandtheirservicemodelswhilebecomingtrustedpartnersoftheirclients.

vCISOservices

96%

94%

Compliancereadiness

86%

72%

84%

71%

85%

71%

83%

69%

Cyberriskassessment

●High+Moderatedemand2025●High+Moderatedemand2024

09

Figure3:DemandforCybersecurityServicesAmongSMBClients-ComparisonBetween2025and2024

vCISOServicesSurgeasMoreProvidersRespondtoMarketDemand

Thisyear’sdatashowsadramaticshiftintheservicesMSPsandMSSPsare

currentlyo?ering,withvCISOservicesleadingthechange.In2024,just21%ofrespondentssaidtheyo?eredvCISOservices.In2025,thatnumberjumpedto67%,anincreaseof319%.

Thisleapalignscloselywithwhatproviderstolduslastyear.Atthetime,74%ofrespondentswhohadnotyetlaunchedvCISOservicessaidtheyplannedtodosobytheendof2025.Thenewnumberscon?rmthatintentionistranslating

intoaction,withvCISOservicesbecomingacentralpartofthemodernserviceprovidero?ering.

Pentestingalsosawgrowthyearoveryear,with73%ofrespondentssayingtheyo?erthisservice,thoughtheincreasewassmallerbycomparison.

AcloserlookatvCISOadoptionbycompanysizerevealsafamiliarpattern:80%ofproviderswithover1,000employeesnowo?ervCISOservices,comparedto52%amongproviderswith51to199employees(Figure5).ThistrendmirrorsthedemandpatternsseeninFigure2,wherelargerprovidersreporthigherclient

demandforvCISOservices,likelycontributingtotheirhigheradoptionrates.

StateoftheVirtualCISO202

TherapidriseinvCISOadoptionre?ectsbothmarketreadinessandprovidermomentum.

73%

Pentesting

47%

67%

21%

27%

22%

mm24%

23%

vCISOservicesManagedDetection&Response(MDR)

22%

22%

20%

16%

●20%

21%

20%

22%

19%

23%

18%

19%

17%

19%

16%

20%

●16%

21%

CyberinsurancereadinessExtendedDetection&Response(XDR)ManagedSIEM/SOC

Patchmanagement

DarkwebmonitoringExternalattacksurfacemanagementIncidentResponse(IR)&forensics

16%

15%

Riskassessment Securityawareness&trainingCompliancemonitoringandreadiness

●2025●2024

Threatintelligence

Figure4:CurrentProducts/ServicesO?ered

Allrespondents51-199

200-499

500-9991000+

67%

52%

65%

74%

80%

Figure5:O?ering"vCISOservices"byCompanySize,2025

10

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

vCISOProvidersReport

Wide-RangingBusinessandSecurityBene?ts

Weasked134serviceproviderleaderswhoalreadyo?ervCISOservicesabouttheimpactthey’veseen.Nearlyeveryrespondent(99%)reportedexperiencingmeasurablebene?ts.Andwhilethespeci?coutcomesvary,therangeofgains

makesastrongcaseforthevalueofaddingvCISOtoaprovider’sservicelineup.

Themostfrequentlycitedbene?twasimprovedcustomersecurity,selectedby43%ofrespondents.Buttheimpactgoesfarbeyondclientprotection.Providersalsoreportedstrongerbusinessoutcomes:41%sawimprovedupsellofother

productsandservices,40%reportedincreasedmargins,39%notedanincreaseintheircustomerbaseand38%saweasieroutreachtonewprospects.

Additionalbene?tsincludedincreasedrevenue(36%)anddeeperclientengagement(34%).

StateoftheVirtualCISO2025

Thedatapointstoabalancedpicture:vCISOservicessupportbothbusinessgrowthandsecurityoutcomes,makingthemacompellingchoiceacrossroles,whetherfocusedonpro?tability,retention,orcustomersuccess.

Improvingcustomersecurity

Upsellofotherproductsandservices

Increasedmargins

Increaseincustomerbase

Easieroutreachtonewcustomers

Increasedrevenue

Increasedclientengagement

Haven’texperiencedanything

43%

41%

40%

39%

38%

36%

34%

1%

Figure6:ImpactofO?eringvCISOServices

11

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

EvenNon-AdoptersSeetheValueinvCISOServices

TounderstandhowthebroadermarketviewsvCISOo?erings,wealsoaskedserviceproviderleaderswhodonotyeto?ertheseserviceswhatbene?tstheyassociatewiththem.Theresponsesshowstrongalignmentwiththosealreadyo?eringvCISO,highlightingawidespreadrecognitionofthemodel’sbusinessvalue.

Atthetopofthelist,44%ofrespondentspointedtotheeaseofupsellingotherproductsandservicesasthebiggestadvantage.Closebehindwerecreatingdi?erentiationfromthecompetition(41%)andincreasingmargins(39%).Theseareallcorebusinessgoals,suggestingthatevenproviderswhohaven’tyet

launchedvCISOservicesunderstandtheirstrategicpotential.

Otherperceivedbene?tsincludeenhancingclientengagement(38%),growingrecurringrevenue(37%),improvingcustomersecurity(36%),andexpandingtonewcustomers(36%).Notably,notasinglerespondentsaidtherewereno

bene?tstoo?eringvCISOservices.

StateoftheVirtualCISO2025

Whiletheseprovidershavenotyettakentheleap,theawarenessisalreadyinplace.Thediversityofperceivedbene?ts,spanninggrowth,retention,security,andsales,suggeststhatadoptionislikelyamatteroftiming,notskepticism.Formany,thepathtoo?eringvCISOisnotaboutconvincingleadershipofitsvalue,butabout?ndingtherightoperationalmomenttobegin.

Easyupsellofotherproductsandservices

Createdi?erentiationfromthecompetitionIncreasemargins

Enhanceclientengagement

Growrecurringrevenue

Improvingcustomersecurity

ExpansiontonewcustomersDon’tseeanybene?ts

44%

41%

39%

38%

37%

36%

36%

0%

Figure7:Bene?tsofAddingvCISOServicestoMSP/MSSPO?erings

12

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

RiskAssessmentsO?erClear

ValueandaPathtovCISOServices

WhilevCISOserviceso?erlong-termvalue,manyserviceprovidersbegintheirjourneywithcybersecurityriskassessments.Thesefocused,structured

engagementsareeasiertoimplement,oftendeliveredasone-timeprojects,andcanactasaspringboardtomoreadvancedo?erings.

Weaskedserviceproviderstosharetheperceivedbene?tsofaddingrisk

assessmentstotheirportfolio.Theresponsesre?ectmanyofthesame

advantagesreportedforvCISOservices.Atthetopofthelist,48%pointedtoeasierupsellofotherproductsandservices,followedbydi?erentiationfromcompetitorsandimprovedcustomersecurity,bothat44%.

Othercitedbene?tsincludegrowingrecurringrevenue(37%),expandingtonewcustomers(35%),enhancingclientengagement(35%),andincreasingmargins(29%).AswithvCISOservices,norespondentssaidriskassessmentso?erno

bene?t.

Theoverlapinperceivedvaluesuggeststhatriskassessmentsarenotjust

usefulontheirown;theyoftenserveasafootinthedoor.Byexposing

cybersecuritygapsontheclientside,theycreateanaturalopeningforMSPsandMSSPstorecommendadditionalservicesthatclosethosegaps.This

positionstheproviderasatrustedadvisorandcreatesapathwaytodeeper,ongoingengagementssuchascybersecuritymanagementorvCISOservices.

StateoftheVirtualCISO2025

Forproviderslookingtobuildlong-termrelationships,riskassessmentso?erapractical,high-impactstartingpoint.

Easyupsellofotherproductsandservices

Createdi?erentiationfromthecompetitionImprovingcustomersecurity

Growrecurringrevenue

Expansiontonewcustomers

Enhanceclientengagement

IncreasemarginsDon’tseeanybene?ts

48%

44%

44%

37%

35%

35%

29%

0%

Figure8:Bene?tsofAddingCybersecurityRiskAssessmenttoMSP/MSSPO?erings

13

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

Concernsaboutpro?tabilityorROI

Highinitialinvestment

Lackofskilledcybersecuritypersonnel

Toomanytime-consumingtasks

Limiteddemandfromclients

Limitedheadcount

Di?cultytosellthisservice

Limitedsecurityorcomplianceknowledge

Don’thavethetechnologytosupportthis

service

Wasnotawareofthatserviceuntilrecently

Noprocessesinplaceforthiso?ering

CostandResourceConstraintsaretheMainBarrierstovCISOAdoption

WhilevCISOservicesareseeingstrongdemandandclearbene?ts,noteveryserviceproviderhasmadetheleap.Weasked66respondentswhoarenotcurrentlyo?eringvCISOserviceswhytheyhavenotyetaddedthemtotheirportfolio.

Themostcommonreasoncitedisconcernsaboutpro?tabilityorROI,selectedby35%ofrespondents.Thisisfollowedbyhighinitialinvestment(33%)anda

lackofskilledcybersecuritypersonnel(32%).Thesetopbarriersre?ectconcernsaboutcostandinternalresources,factorsthatarecloselytiedandoftencome

upwhenintroducingnewservicelines.

Whilenoneofthebarriersaresurprising,theyhighlightcommonoperationalandbusinesshurdlesratherthanskepticismabouttheserviceitself.AsvCISO

StateoftheVirtualCISO2025

platformsautomatesomeoftheworkandbecomeeasiertoimplementandmoredirectlytiedtorevenuegrowth,manyoftheseobjectionsmayfade,especiallyasmarketpressureandclientexpectationscontinuetorise.

35%

33%

32%

29%

29%

26%

26%

21%

21%

21%

17%

Figure9:PrimaryReasonsforNotO?eringVirtualCISOServices

14

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

MostProviderswithoutvCISO

O?eringsPlantoAddThemSoon

Amongthe66serviceproviderleaderswhodonotcurrentlyo?ervCISO

services,themajorityarealreadyplanningtoclosethatgap.Whenaskedabouttheirtimeline,50%saidtheyplantolaunchvCISOo?eringsbytheendof2025.

Another27%expecttodosoin2026.

Theseresponsesreinforcewhatthebroadersurveydatasuggests:service

providersrecognizethedemandforvCISOservicesandareactivelypreparingtomeetit.Whilesomearestillworkingthroughinternalbarrierssuchas

investmentorsta?ng,theintenttomoveforwardisstrong.

ThisisakeysignalthatthemarketiscontinuingtoshifttowardvCISOasa

StateoftheVirtualCISO2025

foundationalservice.Forprovidersnotyeto?eringit,thewindowtodi?erentiateearlyisclosingfast.Thedirectionisclear,andmomentumisbuilding.

%ofrespondents

50%

27%

20%

3%

During2026

Bytheend

of2025

Sometimein

Noplans

thefuture

15

Figure10:PlansforO?eringvCISOServices

HowAIisReshapingCyber

andComplianceServices

AIisPoisedtoImprove

CybersecurityandComplianceServices

WeaskedserviceproviderleaderswhethertheybelieveAIcanhelpthem

providebettercybersecurityandcomplianceservicestotheirclients.The

responsewasnearlyunanimous:95%agreethatAIwillhaveapositiveimpact,with50%stronglyagreeingand45%somewhatagreeing.

ThisstrongconsensuspointstoasharedrecognitionthatAIisnotjustatrend,butatransformativeforceforhowMSPsandMSSPsoperate.

Thetakeawayisclear.AIisexpectedtoplayacriticalroleinimprovingboththequalityande?ciencyofclient-facingservices.Fromriskdetectionand

compliancetrackingtotaskautomationandreporting,providersseethepotentialtodeliversmarter,faster,andmorescalablesolutions.

Asdemandforadvancedcybersecurityandcompliancesupportgrows,AIis

StateoftheVirtualCISO2025

likelytobecomeakeyenabler,helpingprovidersmeetclientexpectationswhileimprovinginternalperformance.

0%Stronglydisagree

1%Somewhatdisagree

4%Neitheragreenordisagree

45%

Somewhat

agree

Strongly

agree

50%

95%AGREE

17

Figure11:CanAIHelpYouProvideBetterCybersecurityandComplianceServicesforClients?

ProvidersSeeBroadPotentialforAIAcrossCybersecurityand

ComplianceTasks

TounderstandwhereAIcoulddeliverthegreatestimpact,weasked

respondentstoidentifythecybersecurityandcompliancetaskswheretheyseethemostpotentialvalue.TheresultshighlightawiderangeofareaswhereAIcansupportandstreamlinevCISO-relatedwork.

Atthetopofthelistiscompliancereadinessandmonitoring,citedby46%ofrespondents.Thisisfollowedbytaskprioritization(40%)andclient

communication(39%),twoareasthatareoftenmanualandtime-consuming.

Automatedreporting(38%)andriskorsecurityassessments(37%)werealsoseenaspromisingusecasesforAI.Othertaskssuchasautomatingmanual

cybersecuritywork(36%)andremediationplanning(34%)werenotfarbehind.

These?ndingsreinforcetheideathatAIisnotlimitedtoasingleusecase.Fromback-endprocessestoclient-facingtasks,providersseemeaningfulpotentialforAItoimproveaccuracy,reduceworkload,andmakeservicedeliverymore

scalable.AsMSPsandMSSPscontinuetogrowtheircybersecurityand

StateoftheVirtualCISO2025

complianceo?erings,AIispositionedtoplayasupportingroleacrossnearlyeveryfunction.

Compliancereadiness/monitoring

Taskprioritization

Clientcommunication

Automatedreporting

Risk/securityassessment

Automatingmanualcybersecuritytasks

Remediationplanning

46%

40%

39%

38%

37%

36%

34%

0%

Don’tbelieveAIprovidesvalueintheseareas

Figure12:PotentialValueofAIinEnhancingCybersecurityandComplianceServices

18

*Questionallowedmorethanoneanswerandasaresult,percentageswilladduptomorethan100%

MostvCISOProvidersareAlreadyUsingAIand

Automation

Amongthe134respondentswhocurrentlyo?ervCISOservices,thevast

majorityarealreadyleveragingAIorautomationtoolstosupporttheirwork.

WhenaskedwhethertheirvCISOpracticeusesautomationorAIfortaskssuchasassessments,planning,compliancemonitoring,orreporting,81%saidyes.Anadditional15%plantoadoptthesetoolswithinthenextyear.

Thiswidespreadadoptionre?ectsastrongconnectionbetweenthenatureofvCISOworkandthee?cienciesthatAIandautomationcandeliver.ManycorevCISOactivitiessuchasdocumentation,prioritization,andreportingare

time-consumingandrepetitive.Toolsthatstreamlinetheseprocessesallowserviceproviderstoworkfaster,delivermorevalue,andscaletheirserviceswithoutincreasingheadcount.

ThehighusageratealsosupportswhatwesawinFigure12:serviceprovidersseeclearvalueinapplyingAIacrossnearlyeveryaspectofcybersecurityandcompliancemanagementservices.ForthosealreadydeliveringvCISO,

StateoftheVirtualCISO2025

automationisnotafuturegoal;itispartofhowtheyworktoday.

81%

%ofrespondents

15%

4%

ActiveuseofAI/Automation

Noadoptionplans

Planningto

adoptin12

months

19

Figure13:UseofAutomationandAIToolsinvCISOServiceDelivery

AIDeliversMeasurable

E?ciencyGainsforvCISO

ForvCISOserviceprovidersalreadyusingAIorautomation,theoperational

impactisclear.Whenaskedhowmuchthesetoolshavereducedtheirteam’scybersecurityandcomplianceworkloadoverthepast12months,respondentsreportedanaveragereductionof68%.

Breakingdownthedatafurther,42%ofvCISOprovidersreportedaworkloadreductionof81to100%,while15%sawareductionbetween61and80%.

Another32%reportedsavingsbetween41and60%.Only1%ofrespondents

saidtherewasnoreductionoranegativeimpact,underscoringjusthowwidelyAIisdeliveringvalueforthosealreadyusingit.

Thesegainsarenottheoretical;theyre?ectrealreductionsinmanualwork,freeingupteamstofocusonhigher-impactactivities.ForMSPsandMSSPs

StateoftheVirtualCISO2025

o?eringvCISOservices,AIisprovingtobeac