One of the problems for small-to-medium companies often is the budget required to hire an expert, full-time CISO. It’s normally very expensive considering more often than out, there isn’t adequate work for a full-time CISO in enterprises of that size. Therefore, British Medical Journal decided to look for an alternative, cost-effective way to fulfill its requirements for cybersecurity expertise and guidance.
"In order for BMJ to find the right way forward, we looked for a virtual CISO - someone who could virtually come in and advise us on the right way to do things"
– Aaron Townsend, Head of Service Delivery, British Medical Journal
Aaron elaborated on his organisation's experience with Cyber Management Alliance's vCISO service.
He said, “We went to Cyber Management Alliance trying to find a way forward on this (the organisation's cybersecurity needs). It's been a year now that we kicked off this association. We had a very successful onboarding session."
As part of the onboarding process, British Medical Journal completed the following activities:
With the Incident Response Plan in place and with a new vCISO, Aaron feels the organisation is much better prepared for any cybersecurity events and is in a position where the staff knows the way forward.
“Our vCISO keeps us on our toes in the sense of making sure that we’re always pushing forward with our high priority items. Overall, it’s proved to be a very effective way of delivering expertise into the organisation that we wouldn't have normally had. If anyone is looking for that kind of option in terms of having that kind of expertise for your organisation, it is certainly something that I would recommend.”
- Aaron Townsend