A Refresher on the Necessity of the Virtual CISO

May 14, 2019

Verizon has just published their annual Data Breach Report. The report was written by compiling data from 41,686 security incidents and 2,013 data breaches. Verizon was able to isolate specific data points from the compiled data, giving organizations the ability to know where they should focus their attention. They found that even though most attacks originated from outside sources, internal threats, such as employees comprised of 34% of the attacks, which is up from 28% in 2018. Another increased data point is the involvement of Nation State Actors, which is at 28%, up from 12%. One staggering statistic is that 43% of the attacks involved small businesses. These increases are clear indicators that attacks are becoming more sophisticated and financially motivated.

Small to Medium Businesses have typically ignored the necessity of the CISO in their organization, either based on the cost or their assumption that one is not needed. As noted from the Verizon Breach Report, this is furthest from the truth. Now, as regulatory and contractual compliance becomes a requirement for organizations, it is imperative that these companies get ahead of these requirements. Playing catch up by baking the required Security Controls into their business processes becomes a very costly endeavor.  

Having a qualified CISO on staff to assist your organization can be costly. The average base salary of a CISO is approximately $185,000 and if you add the overhead costs it could drive the true cost upwards of $250,000. Slate has developed a framework that provides the services of a CISO at a fractional cost. We start with the assessment of the organization, then develop and design the appropriate Security Program that works with YOUR organization. We understand that not all organizations are the same, neither should your security program. After the design of the program, Slate will execute the program and start developing reporting modules so each business unit can evaluate their metrics. The metrics will also provide each business unit the data needed to adjust their program and fine tune their security controls.

Do Not Forget – Slate Enclave is a Qualified Maryland Cyber Company. Find out how we can assist you in potentially getting up to 50% of our services covered under the Maryland Tax Credit.


Verizon 2018 Data Breach Investigation Report – https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf

Verizon 2019 Data Breach Investigations Report – https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf