Pratum Blog

2020 is the Year of Virtual CISO

As millions of Americans dispersed to home offices this spring, a giant spotlight fell on business continuity plans across the country. Many of those plans, it turns out, were riddled with holes.

Nearly half of all working Americans are now telecommuting, according to Stanford University, revealing all the weaknesses in half-hearted business continuity plans that have been gathering dust for years. And just as the problem revealed itself, the budgets required to fix the issues were getting slashed.

While these challenges have always been present, the development of real solutions frequently fell by the wayside due to competing priorities and limited budget allocation. And now funds to fix things are scarcer than ever. In the public sector, for example, some states, such as Vermont, are anticipating budget cuts of up to 25%.

The fact is that an adequate continuity plan would’ve anticipated this. The world experienced several serious infectious outbreaks within the last 20 years with Bird Flu (H5N1), Swine Flu (H1N1) and Ebola. Fortunately, these diseases didn’t spread as quickly and easily as COVID-19, blunting their impact. But this also produced a false sense of security. Very few business continuity plans accounted for pandemics. In fact, many businesses didn’t even plan for more familiar threats such as natural disasters, malware attacks and downtime.

Where’s a CISO When You Need One?

Typically, a Chief Information Security Officer (CISO) would lead the way in preparing for these issues. A CISO focuses on balancing information security, risk, and general business challenges by asking key questions such as:

  • How can my agency (or department) ensure that business processes can be restored?
  • How can my agency access backup plans or ensure the recovery of lost data? Is this approach sustainable and controlled?
  • Are resources accessible offline even when access to company networks can’t be established?
  • How will we keep employees online?
  • How do we eliminate communication interruptions?
  • How can leadership and management effectively keep employees informed of plans for dealing with major disasters, sensitize them to the challenges and inquire about their preparation?

Right now, most budgets probably don’t include room to add a CISO to address the challenges revealed by 2020’s unique circumstances. But Pratum’s Virtual Chief Information Security Officer (vCISO) service is intended, by design, to fill that gap. This tailored service helps identify and implement viable business continuity planning/management and cybersecurity strategies and policies to maintain security effectiveness and meet regulation and compliance requirements.

How a Virtual CISO Works

A vCISO service creates actionable information security strategies and defines optimum information security direction. The vCISO will provide independent and objective input to ensure that your security posture is on track, recognizing areas of necessary improvement and continuing to support areas where you are already in compliance.

You can engage vCISO services for anywhere from a few hours to a per-project basis to a full-time basis. Your work with the vCISO will produce executive-level strategy, policy development and process creation for immediate adoption, implementation and operation of improvements.

A Pratum vCISO can assist with these areas:

  • Information security risk assessments
  • Business continuity planning/management and cybersecurity vision
  • Coordination, prioritization, and establishment of security initiatives
  • Risk reduction and mitigation through continual security improvements
  • IT audits
  • Policy review and development
  • Penetration testing
  • Disaster recovery and incident response
  • Penetration testing and vulnerability management (scanning)
  • Social engineering
  • Security awareness and training
  • Security consulting

With a vCISO in place, organizations will experience the confidence and safeguards provided by a sound business continuity management plan and a smooth process for recovering from severe disruptions.

Planning for the Next One

One clear lesson from 2020 is that the unthinkable is possible—and organizations can’t afford to stumble into the next challenge unprepared. When a new catastrophe strikes, it’s critical that we are all ready to address the situation calmly and appropriately. The price of being unprepared can be staggering. For example, the Federal Emergency Management Agency (FEMA) states that 40% to 60% of public entities will spend roughly 1.5 times their annual technology budget recovering from a business disruption.

With your Pratum vCISO and business continuity plan in place, you can avoid this outcome. Pratum will help identify your risks, find solutions to existing problems, and guide you safely through the next crisis.

For a better understanding of how Pratum vCISO services may be a fit for your organization, please visit

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.