Security strategy without full-time CISO budget.

Blue Team

A CISO costs over CHF 200,000 per year. Most SMEs with 50 to 250 employees don't need one full-time. We take over your security strategy, coordinate board reporting and stand ready as incident commander.

The Gap Between Risk and Resources

SMEs with 50 to 250 employees face a structural problem: the attack surface and regulatory pressure are comparable to large enterprises, but the budget for a dedicated security function is missing. A full-time CISO costs over CHF 200,000 per year according to Glassdoor and ERI Economic Research Institute, excluding benefits.

The consequence: security decisions are made by the CEO or IT manager on the side, policies are outdated or missing entirely, and in an emergency there's no structure for a coordinated incident response. The ISG reporting obligation with its 24-hour deadline for critical infrastructure makes the problem visible.

CISO as a Service closes this gap. We bring strategy, experience and structure, without the overhead of a permanent hire. Cancellable monthly, scalable with your company.

Our Engagement Model

Phase 01

Onboarding & Situation Assessment

Inventory of your current security posture: infrastructure, policies, risk register, compliance status, open items. The foundation for all further measures.

Phase 02

Strategy & Roadmap

Multi-year security roadmap aligned with your business goals and budget. Clear prioritisation by risk, not by technical preferences.

Phase 03

Ongoing Support

Regular presence per agreed model. We attend meetings, advise on procurement decisions, review third-party contracts and are available when it counts.

Phase 04

Board Reporting

Quarterly security reports for management. Risk posture, compliance status and progress on measures, in language that decision-makers understand.

Phase 05

Incident Response

In the event of an incident, we take over incident response coordination, support ISG reporting obligations and manage internal and external communication.

What You Receive

Security Roadmap

Documented multi-year strategy with budget planning, quick wins and long-term goals.

Policy Set

Information security policy, acceptable use policies, incident response procedures. Written for your company, not copied from a template.

Quarterly Board Report

Security status report for management: risk metrics, compliance status, open items and recommendations.

Vendor Risk Assessments

Standardised security assessments for critical third parties and SaaS products in your stack.

Incident Response Coordination

In an emergency: structured response, communication management and support with ISG reporting obligations (24h deadline).

Team Building

Skill gap analyses, training programmes and recruitment advisory for your internal security function.

Common Questions

How does the engagement model work in practice?

The base model starts from two days per month. We agree on fixed presence days, availability and response times. You get a direct phone number, no ticket queue. The model is scalable: during intensive phases, such as an audit or restructuring, we can temporarily increase capacity.

Is there a minimum term?

We recommend a minimum term of three months so that onboarding and initial strategic measures can be meaningfully completed. After that, the engagement is cancellable monthly.

What happens if a security incident occurs during the engagement?

We stand ready as incident commander. That means we coordinate the response, support technical analysis, manage internal and external communication and assist with the ISG report if required. Incident response is not an extra, but part of the engagement.

What distinguishes CISO as a Service from regular security consulting?

Traditional consulting delivers recommendations and leaves. We take responsibility for implementation and remain continuously involved. We know your infrastructure, your vendor list and your internal processes. The difference is context instead of a one-off project.

Discuss the CISO Model

We clarify scope and capacity in a free initial consultation. Concrete, not conceptual.

Schedule a CISO Consultation

CHF 2,500–5,000/month

From two days per month. Price depends on company size and scope. Cancellable monthly.