MilesGuard
DE
CISOvCISOSMEStrategy

CISO as a Service: Does My SME Need a Security Officer?

5 February 2026|6 min read

A full-time CISO costs over CHF 200,000 per year. For many SMEs, that is unrealistic. CISO as a Service offers the same strategic expertise from just 2 days per month. When does the model make sense?

Your board asks about the cybersecurity strategy. Your cyber insurance requires a named security officer. A client sends you a security questionnaire with 120 questions. Who in your company answers that? A full-time CISO with experience costs at least CHF 200,000 per year in Switzerland, excluding overheads. For an SME with 80 to 200 employees, that is rarely economical.

What a vCISO Takes On

A virtual CISO (vCISO) takes on the same responsibilities on a part-time basis. They develop your security strategy, report to management, coordinate audits and pentests, answer client security questionnaires, conduct risk assessments and oversee incident response. The difference: they work for several companies at once and bring broader experience as a result.

When the Model Makes Sense

The model is particularly worthwhile in three situations. First, you process personal data or health data and need to demonstrate nDSG compliance. Second, you work in or supply to regulated industries (financial services, healthcare, critical infrastructure) and must meet your clients' security requirements. Third, you are growing rapidly and need someone to embed security into new projects, cloud migrations or M&A processes.

When You Do Not Need a vCISO

The model is less worthwhile if you have fewer than 30 employees and no regulatory requirements to meet. In that case, an annual security audit with a concrete action plan is often sufficient. Similarly, if you already have an experienced IT manager who can cover security, an external vCISO may not be necessary.

Getting Started with MilesGuard

At MilesGuard, vCISO engagements start from 2 days per month. In the first month, we conduct a security assessment and create a roadmap. After that, we work through the measures in order of priority, report quarterly to your management and serve as the escalation contact for incidents. The engagement grows with your company and can be adjusted at any time.

Quellen

  • [1] Michael Page Salary Overview 2025
  • [2] Robert Half Salary Overview 2026
  • [3] Glassdoor Switzerland
Share:LinkedIn

Weitere Beiträge

Cyber Risks on the Board: Liability and Duties in Switzerland

24 April 2026

nDSG and IT Security: 10 Technical Measures for SMEs

9 March 2026

What Does a Penetration Test Cost in Switzerland?

20 February 2026

Related Services

CISO as a Service →Security Audits →
Miles Strässle

Miles Strässle

Founder, MilesGuard GmbH

Security questions? Talk to us.

Our blog posts are continually updated on the original site. For individual advice, we are available at any time.

Schedule a Consultation