Cyber Trust
Cyber Trust brand background
Security leadership & governance · leadership-only offer

Virtual CISO leadership for growing organisations.

Get board-level security leadership without building a full security department. We act as your virtual CISO -owning the roadmap, governance and assurance -while your internal teams and MSP handle most of the hands-on work.

  • Built for UK organisations with roughly 20–500 staff
  • You keep IT / MSP -we provide security leadership around them
  • Usually starts from a Board Cyber Posture Audit
How the Board Cyber Posture Audit works

This page is for leadership-only vCISO. If you want us to run the full programme day-to-day, see Fully Managed Cyber.

Cyber Trust providing strategic security leadership

Leadership-only, not “we do everything”

We own strategy, governance and assurance so your internal team and MSP can deliver against one clear plan.

Who this is for

Who vCISO leadership is for

UK organisations, typically with tens to a few hundred staff, who want security leadership and governance -without moving to a full outsourced “we run everything” programme.

Typical fit looks like:

  • You already have an MSP and/or internal IT team.
  • You want security leadership and governance, but not a full outsourced programme.
  • You need someone to own the roadmap, policy set and board reporting.
  • You’re under pressure from insurers, big customers, NHS or your board -but prefer to keep most hands-on work with existing teams.

What vCISO is (and isn’t)

vCISO is leadership and oversight: strategy, roadmap ownership, governance rhythm, assurance support, and board-ready reporting.

It’s not full hands-on execution: your internal teams and MSP still deliver most of the implementation and operational work.

If you want us to run much more of the day-to-day programme, see Fully Managed Cyber.

Outcomes

What we do as your virtual CISO

This is security leadership and oversight -not a full delivery team. We make sure there’s a coherent plan, a governance rhythm and credible assurance, while your IT/MSP delivers the hands-on work.

Security strategy & roadmap

We build and maintain a practical security roadmap tied to your risk, regulators and contracts -not generic best practice. You get clear priorities, trade-offs and sequencing that fit your budget and capacity.

Governance & board reporting

We run or support your security governance rhythm: steering groups, risk reviews and board updates. You get concise, plain-English reporting: what changed, what improved, what’s blocked, what’s next.

Policy, risk & assurance oversight

We keep your core policies, risk register and evidence pack up to date. When insurers, big customers or auditors ask questions, there’s a consistent, credible set of answers and proof to point to.

Partner & internal alignment

We coordinate with your internal IT team, MSP and key suppliers on security priorities, so everyone is working to the same plan instead of reacting ticket-by-ticket.

Important: vCISO is leadership and governance. If you want us to run more of the day-to-day programme delivery (more hands-on execution, evidence production, assurance workstreams, coordination, and ongoing improvements), that’s Fully Managed Cyber.

How it fits

How vCISO fits with our other services

Most vCISO engagements start from a clear, current picture of risk -then you choose how much you want to outsource.

Step 1

Board Cyber Posture Audit

Most vCISO engagements start here. We map your current risk and produce a 12-month Fix-First roadmap so leadership can make an informed decision.

Learn more

Step 2A

Virtual CISO leadership

If you want to keep most hands-on work with your internal team and MSP, we provide ongoing security leadership, governance and assurance as your virtual CISO.

Step 2B

Fully Managed Cyber

If you prefer to outsource both leadership and the day-to-day running of the programme, we can step in as your full outsourced security team.

Learn more

You can start with vCISO leadership and later upgrade to Fully Managed Cyber if your needs change -without starting from scratch.

Delivery model

How vCISO leadership works in practice

No pricing specifics here -cadence and scope are agreed per client based on risk, obligations and internal capacity.

  • Fixed monthly retainer for ongoing leadership and governance.
  • Regular governance cadence (e.g. reviews, steering, and board updates) agreed per client.
  • Time-boxed initial phase to adopt or create your roadmap (usually from the Board Cyber Posture Audit).
  • Clear boundaries: we lead and govern; your teams/MSP deliver most implementation and operational work.

We’ll confirm fit, agree the right cadence, and make sure the boundary between leadership and delivery is clear.

FAQ

Clarifying questions

Quick answers so vCISO doesn’t get confused with Fully Managed Cyber.

vCISO is leadership only: strategy, roadmap, governance and assurance. Fully Managed Cyber includes that, plus a larger delivery team that runs much more of the day-to-day programme for you.

Not sure whether you need vCISO or Fully Managed Cyber?

A short call usually makes it obvious. We’ll confirm the right starting point (usually the Audit) and the level of outsourcing that fits your team.

Fully Managed Cyber