‘We really preach that if a client is compliant that does not mean that it’s secured and vice versa,’ says Royi Barnea, vice president of channel sales at Cynomi.

Offering virtual CISO services can help MSPs improve the cybersecurity and compliance postures of customers of any size.

That’s the message from Royi Barnea, vice president of channel sales at Cynomi, a Tel Aviv, Israel-based provider of vCISO technology, who told an audience of MSPs at this week’s XChange 2024 conference in San Antonio that vCISO services are increasingly in demand. XChange is hosted by CRN parent The Channel Company.

Cynomi, in a survey last year of 300 U.S.-based MSPs, found that 19 percent were already offering vCISO services, while 86 percent were planning to add such services in the coming year.

[Related: The 10 Hottest Cloud Security Startup Companies Of 2024 (So Far)]

All this comes as cyberattacks are continuing to increase in volume and intensity, businesses are increasingly concerned about compliance issues, third-party risk assessments are on the rise and customers are increasingly asking about cyber insurance, he said.

At the same time, MSPs are dealing with new customer pain points such as the fear that vCISO services could mean a loss of control over their own infrastructure and concerns over whether they have the right experience or enough trained personnel to deliver them, Barnea said.

However, he said, this is changing.

“I am meeting with many solution providers who are saying today, ‘We’re not going to want to onboard a new client before we do an assessment to understand what we are getting ourselves into. Is the client committed to the process? Can we provide the services that were committed to the client, understanding where they stand and where they need to reach to have a decent cybersecurity culture?’” he said.

Cynomi can easily help MSPs achieve CISO-level cybersecurity for their customers using the company’s smart AI capabilities, Barnea said. It starts with asking customers 16 to 19 questions about their IT environment, their data usage, what security frameworks and plans are in place and so on, he said.

Based on the information collected, Cynomi will automatically populate and generate relevant assessments including frameworks and domains, Barnea said.

“It automatically cross-maps and cross-references between multiple frameworks and multiple controls,” he said. “All that is fully automated and presented in what we call the ‘spider chart’ that basically simplifies everything for you. We will set up the target for your client for every framework, every domain and where they stand today. We’ll also talk about reporting, which is very important as well.”

Cynomi’s biggest use case is looking for cybersecurity and compliance gaps, Barnea said. Getting customers ready for cyber insurance is also key, he said.

“We really preach that if a client is compliant that does not mean that it’s secured and vice versa,” he said.

Cynomi helps set security targets with a focus on four vectors of attack: data leakage, fraud, ransomware and website defacement, and fully guides MSPs for each of those, Barnea said.

Cynomi is 100 percent focused on the channel, he said.

“We will never compete with you,” he said. “We only work with consultancy firms, VCs and MSPs. Basically, through those platforms, there are multiple use cases and services that you can bundle to your client. Maybe you can do it yourself so the end client has access to the platform and can basically conduct some assessments or host a task. Maybe you want to do it together with them or you want to do it for your clients.”

Cynomi’s licensing is all-inclusive, which is a huge differentiator, Barnea said.

“This means you can upload as many users as you want to the platform,” he said. “The clients get different privileges and rights. It also means there are over 23 frameworks included without charge. Most of our competitors charge per framework per client. You can serve multiple clients at the same single price as well.”

Cynomi also makes it easy to prospect new customers by letting MSPs do an assessment free of charge and then send these prospects the report, Barnea said.

“You want to talk to the technical guys, great,” he said. “We provide all the reports needed to talk the bits and bytes at any level you want. But when you’re talking to executives, you can create a plan for them. The executive bottom line is, what’s the risk? What does it mean for their business? That’s the only thing important for them.”

For Darrin Piotrowski, CEO of New Orleans-based MSP Courant, the biggest takeaway from Barnea’s talk is that the Cynomi technology covers both compliance and security.

“I’m a big fan of consolidating our vendors,” he said. “I’m tired of having a bunch of vendors that sort of cross over in these two technologies, but who don’t completely cross over. And if I can eliminate two vendors by moving to one vendor, that’s a big deal for me.”