MSPs and MSSPs, the force multiplier in security leadership, are positioned to provide SMBs with CISO services
SAUSALITO, CA, UNITED STATES, March 23, 2026 /EINPresswire.com/ — The world’s small to midsized businesses (SMBs) have been mired in a cybersecurity supply and demand crisis, according to the 2026 CISO Report published today by Cybersecurity Ventures in partnership with Sophos.
Cybercrime is predicted to cost the world $12.2 trillion USD annually by 2031, up from $10.5 trillion in 2025, and $6 trillion in 2021. As a result, every business in the world should have a chief information security officer or equivalent resources. In 2026, nearly every Fortune 500 and Global 2000 company employs a full-time CISO, but close to zero percent of small businesses, which make up more than 90 percent of companies worldwide, have a dedicated security officer on staff.
Cybersecurity Ventures estimates that there are 35,000 chief information security officers employed worldwide in 2026, up minimally from 32,000 in 2023. There are approximately 359 million businesses in operation in the world today being serviced by those CISOs. Joe Levy, CEO at Sophos, told the World Economic Forum that’s a 10,000:1 ratio and a massive challenge for global cybersecurity resilience. “Those are not good odds,” says Levy. “This is a market failure. The cybersecurity ecosystem hasn’t figured out how to address this gap. We have the potential to do that now.”
A growing number of small businesses are turning to virtual (remote) CISOs, who provide on-call security strategy support, incident response leadership, governance, and other security services. “The challenge with the vCISO offerings in the market today is that human bandwidth doesn’t scale infinitely,” says Raja Patel, President, Product & Marketing at Sophos.
Sophos views managed service providers (MSPs) and managed security service providers (MSSPs) as the force multiplier in security leadership. Just as managed detection and response (MDR) proved that security operations scale best through services, security leadership scales best through partners. Various industry estimates put the number of MSPs and MSSPs at tens of thousands globally. “We need to provide the effective leadership of a CISO to the hundreds of millions of organizations that couldn’t have even dreamed of having one previously,” adds Levy. “This is the biggest opportunity that exists in cybersecurity today.”
The 2026 CISO Report contains facts, figures, predictions and statistics covering cybersecurity in the boardroom, women in CISO roles, compensation data, turnover rate, CISO certifications, budget trends, cyberinsurance, artificial intelligence (AI), ransomware, supply chain attacks, Q-Day aka Y2Q, human risk management, regulatory issues, the insider threat, and more.
“We partnered with Sophos on the 2026 CISO Report because they have the vision, platform, people, and channel strategy, to deliver cybersecurity to organizations globally who are largely underserved by our industry,” says Steve Morgan, founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine.
Cybersecurity Ventures and Sophos will be sharing ongoing thought leadership around the report with media outlets globally.
ABOUT
Cybersecurity Ventures is the world’s leading market-watcher, a trusted source for cybersecurity facts, figures, and statistics, and publisher of Cybercrime Magazine. We provide cyber economic market data, insights, and ground-breaking predictions to a global audience of CIOs and IT executives, CSOs and CISOs, information security practitioners, cybersecurity company founders and CEOs, venture capitalists, corporate investors, business and finance executives, HR professionals, and government cyber defense leaders.
Sophos is a cybersecurity leader defending 600,000 organizations globally with an AI-powered platform and expert-led services. It adapts to organizations at any stage of security maturity, combining machine learning, automation, and real-time threat intelligence with human expertise from Sophos X-Ops for 24/7 threat monitoring, detection, and response.
Sophos delivers industry-leading managed detection and response (MDR) and a broad portfolio of solutions, including endpoint, network, email, and cloud security, extended detection and response (XDR), identity threat detection and response (ITDR), and next-gen SIEM. Paired with expert advisory services, Sophos helps reduce risk, accelerate response, and outpace evolving cyber threats.
MEDIA CONTACTS
Editors at Cybercrime Magazine | info@cybersecurityventures.com
Sophos PR | press@sophos.com
Malcomb Farber
Cybersecurity Ventures
email us here
Visit us on social media:
LinkedIn
Instagram
YouTube
X
Legal Disclaimer:
EIN Presswire provides this news content “as is” without warranty of any kind. We do not accept any responsibility or liability
for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this
article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
