British Medical Journal

How BMJ achieved its objective of bringing cybersecurity expertise into the organisation with Cyber Managent Alliance's vCISO service. 


vCISO Case Study

British Medical Journal Case Study

One of the problems for small-to-medium companies often is the budget required to hire an expert, full-time CISO. It’s normally very expensive considering more often than out, there isn’t adequate work for a full-time CISO in enterprises of that size. Therefore, British Medical Journal decided to look for an alternative, cost-effective way to fulfill its requirements for cybersecurity expertise and guidance. 

Client Goals 

The client, Aaron Townsend, Head of Service Delivery for BMJ, articulated the following objectives while engaging Cyber Management Alliance for its vCISO service:

  • A virtual CISO who could come in and advise the organisation on the right way to do things. 
  • An expert who could tell the business where its risks were.
  • Direction about how to tackle the risks and in what order. 

"In order for BMJ to find the right way forward, we looked for a virtual CISO - someone who could virtually come in and advise us on the right way to do things"

Aaron Townsend, Head of Service Delivery, British Medical Journal



Aaron elaborated on his organisation's experience with Cyber Management Alliance's vCISO service. 

He said, “We went to Cyber Management Alliance trying to find a way forward on this (the organisation's cybersecurity needs). It's been a year now that we kicked off this association. We had a very successful onboarding session." 


As part of the onboarding process, British Medical Journal completed the following activities: 

  • A cybersecurity workshop with the executives. 
  • A review of the Incident Response Capabilities, Plans and Procedures.
  • Creation of an Incident Response Plan.

With the Incident Response Plan in place and with a new vCISO, Aaron feels the organisation is much better prepared for any cybersecurity events and is in a position where the staff knows the way forward. 


“Our vCISO keeps us on our toes in the sense of making sure that we’re always pushing forward with our high priority items. Overall, it’s proved to be a very effective way of delivering expertise into the organisation that we wouldn't have normally had. If anyone is looking for that kind of option in terms of having that kind of expertise for your organisation, it is certainly something that I would recommend.”  

- Aaron Townsend



British Medical Journal 

The BMJ is a weekly peer-reviewed medical trade journal. It is one of the world's oldest and most respected independent general medical journals. It is published by the trade union the British Medical Association but it enjoys complete editorial freedom from the BMA.

Industry: Publishing
CMA Services: vCISO
Locations: UK

Download the British Medical Journal Case Study