28 Apr CISO Gap: SMBs Exposed; MSSPs To The Rescue
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Apr. 28, 2026
Media outlets globally have been covering the 2026 CISO Report from Cybersecurity Ventures in collaboration with Sophos, and the main message is around the chief information security officer gap: There are 35,000 CISOs employed worldwide in 2026, and there are nearly 360 million businesses in operation.
Joe Levy, CEO at Sophos, told the World Economic Forum that’s a 10,000:1 ratio and a massive challenge for global cybersecurity resilience. “Those are not good odds,” says Levy. “This is a market failure. We haven’t figured out how to address this gap. We have the potential to do that now.”
The good news, according to an article in Forbes, is that an increasing number of organizations are utilizing virtual (remote) CISOs, also referred to as vCISOs, to address the expertise deficit without incurring the costs associated with hiring a full-time executive. “The challenge with the vCISO offerings in the market today is that human bandwidth doesn’t scale infinitely,” says Raja Patel, President, Product & Marketing at Sophos.
Sophos views managed service providers (MSPs) and managed security service providers (MSSPs) as the force multiplier in security leadership. Just as managed detection and response (MDR) proved that security operations scale best through services, security leadership scales best through partners. Various industry estimates put the number of MSPs and MSSPs at tens of thousands globally.
These service providers already sit at the intersection of technology, operations, and trust. Sophos is providing MSPs and MSSPs with its CISO Advantage to extend their role into governance, compliance, and risk management, services that are desperately needed by underserved small to midsized businesses (SMBs). “There’s an opportunity for us to create the next generation of MSPs and MSSPs through this hybrid model of humans and agents working together to be able to deal this strategy leadership to hundreds of millions of businesses that would otherwise not have access to it,” says Levy.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
