How a vCISO could save you £350k per year

Hedgehog Security Limited

The cost of running a security office can be in excess of £400k per year. Peter Bassill from Hedgehog Security explains how a vCISO can offer the same protection for a much lower cost.

Cyber security is a key consideration for any organisation, but especially for those that rely on computer networks, systems and software to run their businesses and deliver the products and services they offer to clients and customers.

If your company does not have a best-in-class cyber security setup and processes in place, you are at significant risk of falling victim to a cyber-attack. And right now, hackers are working overtime to exploit vulnerabilities and weaknesses in businesses of all sizes.

The best way to mitigate the risk of a cyber-attack is to establish a dedicated security team within the business, and to staff that office with a Chief Information Security Officer and the supporting staff – engineers, testers, auditors, etc – required to run it.

But the cost of doing this is significant.

The average salary of a Chief Information Security Officer is around £95,000.00 per annum and the associated staff (security manager, security engineer, internal auditor and penetration tester) cost a further £200,000.00 per year.

Combining the office space and equipment requirements for the team brings the total cost of a security office closer to £400,000.00 per year. For the vast majority of small to medium sized businesses, this cost is prohibitive.

As a result, they take only the basic steps to protect their networks and systems from attack, leaving them exposed and highly likely to be breached. But this need not be the case with a Virtual Chief Information Security Officer (vCISO) providing the same level of protection for a fraction of the price.

A vCISO acts as both CISO and Information Security Team. The work is undertaken by a cyber security agency whose internal team will cover off all of the roles and responsibilities. What's more, work is carried out to ISO27001 and Cyber Essentials Standards.

Just some of the work undertaken by a vCISO includes:

  • Cyber Essentials and Plus Certification
  • Compliance and Regulatory controls management
  • User awareness and training
  • Vulnerability assessment
  • Data protection
  • Annual penetration testing
  • 24/7 support

The cost of a vCISO is much, much lower than that of having a CISO and an in-house team. Our vCISO service starts from as little as £750 per month, while on average the cost for a medium size business is around £3,000 per month.

This is significantly lower than the cost of running an in-house security office and means that small to medium size businesses can ensure they are protected to the highest possible level but for a price that is sensible and affordable to them.

The damage that can result from a successful cyber-attack goes beyond an immediate financial loss and extends to the business's reputation. This is why security should be at the foundation and core of any business that wants to enjoy a sustainable and successful future.
