Virtual chief information security officer (vCISO) services have seen a 319% increase in adoption among managed service providers (MSPs) and managed security service providers (MSSPs), with 67% of providers now offering these services, according to a recent
Cynomi survey.
Meanwhile, demand for
vCISO services among small- and medium-sized businesses (SMBs) is growing, with 96% of MSPs and MSSPs reporting high or moderate interest from their customers, Cynomi said in its “State of the Virtual CISO 2025” report.
Virtual CISOs offer security expertise, leadership and strategic guidance for SMBs without the resources to employ a full-time CISO. Cynomi’s survey included responses from 200 senior security leaders at MSPs and MSSPs in the United States and Canada, 134 of which now offer vCISO services.
The providers’ vCISO services were reported to have the highest demand compared with other services like
compliance readiness,
cyber insurance readiness and cyber risk assessments, with 79% reporting high demand for vCISO services in 2025.
This is an increase from 74% who reported high demand in 2024; meanwhile, the percentage of providers offering vCISO services jumped from 21% to 67%.
Nearly all respondents who provide vCISO services reported measurable benefits, with the most common benefit cited being improved customer security (43%). Providers also said providing vCISOs helped upsell their other products and services (41%), increase their margins (40%) and increase their customer base (39%).
Of those who had not yet introduced vCISO services, 50% said they planned to by the end of 2025 and 27% planned to add this service by 2026. The main barriers to adoption were doubts about profitability (35%), high initial investment (33%) and lack of skilled cybersecurity staff (32%).
Cynomi’s report also looked at the impact of AI on the cybersecurity and compliance services offered by MSPs and MSSPs. The vast majority (95%) of respondents said they believed AI would have a positive impact, and 81% of providers offering vCISO services said they used automation or AI in their vCISO practice.
AI and automation were used by vCISOs for tasks such as assessments, planning, compliance monitoring and reporting. These providers reported that AI and automation tools have reduced their workload by an average of 68% over the past 12 months.
In addition to the 81% already using AI and automation, 15% of vCISO service providers said they planned to adopt these tools within the next 12 months, with only 4% reporting no adoption plans.
With regard to AI-driven cybersecurity and compliance tools specifically, 52% had already adopted them, with 29% planning to use them by the end of 2025 and 15% targeting adoption in 2026.
“These responses suggest that full-scale adoption is on the horizon,” the report states. “The momentum reflects growing confidence in AI’s ability to improve service delivery and reduce manual workload.”
