Very few SMEs will have a CISO. Many will have an IT team and an IT Manager, but only 55% of all organisations had a CISO at the end of 2022. That figure was up from 25% at the end of 2021, but most of these will be larger organisations, and despite the rapidly increasing awareness of the need, there is much confusion about what the role does, along with unrealistic expectations of it.

Among all organisations there are improvements that need to be made. But a CISO role is essential given the increased threat to business operations and reputation, so if you are an SME that has yet to appoint a CISO, what are your options?

Ideally a CISO is a senior leadership role with parity to a CIO (Chief Information Officer). Many SMEs won’t have a CIO either. A CISO role is about helping the business and its employees operate securely and effectively, so it permeates every aspect of an organisation, and this can only be done within the remit of a very senior leadership role. But for an SME without a CISO, what should they consider?

  • Are you prepared for a CISO to sit on the board, or at least have parity with a Chief Information or Chief Technology Officer?
  • Are you prepared for the CISO to have genuine autonomy for security needs?  Security must be independent to be successful.
  • Are you prepared for organisational change?
  • Are you prepared to view security as organisational rather than IT-specific (firewall logs etc.)?

If your answer is yes to the above, you are ready for a CISO. However, you may not be ready, for whatever reason, to appoint to a permanent role, and it can be a challenge to find and retain the right person. In this case, a CISO-as-a-service or Virtual CISO is cheaper than recruiting and gives an SME access to someone who can represent the organisation’s cyber security and data protection interests at board level (without the risk of them leaving), as well as helping the organisation to develop and implement organisational change. Cyber & Data Protection Limited has recognised this challenge for SMEs and can provide this service for you. All SMEs need (access to) a CISO. Cyber & Data can also provide you with a virtual CTO if you need an IT Director for a project or specific term.