Joe Levy, CEO at Sophos, told the World Economic Forum that’s a 10,000:1 ratio and a massive challenge for global cybersecurity resilience. “Those are not good odds,” says Levy. “This is a market failure. We haven’t figured out how to address this gap. We have the potential to do that now.”
The good news, according to an article in Forbes, is that an increasing number of organizations are utilizing virtual (remote) CISOs, also referred to as vCISOs, to address the expertise deficit without incurring the costs associated with hiring a full-time executive. “The challenge with the vCISO offerings in the market today is that human bandwidth doesn’t scale infinitely,” says Raja Patel, President, Product & Marketing at Sophos.
Sophos views managed service providers (MSPs) and managed security service providers (MSSPs) as the force multiplier in security leadership. Just as managed detection and response (MDR) proved that security operations scale best through services, security leadership scales best through partners. Various industry estimates put the number of MSPs and MSSPs at tens of thousands globally.
These service providers already sit at the intersection of technology, operations, and trust. Sophos is providing MSPs and MSSPs with its CISO Advantage to extend their role into governance, compliance, and risk management, services that are desperately needed by underserved small to midsized businesses (SMBs). “There’s an opportunity for us to create the next generation of MSPs and MSSPs through this hybrid model of humans and agents working together to be able to deal this strategy leadership to hundreds of millions of businesses that would otherwise not have access to it,” says Levy.
Read the 2026 CISO Report
