IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Cyber & Fraud Centre Scotland launches vCISO service
Data Protection Digital Transformation Supply Chain

Cyber & Fraud Centre Scotland launches vCISO service

Mon, 18th May 2026 (Today)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

Cyber and Fraud Centre Scotland has launched a Virtual Chief Information Security Officer service, giving organisations access to senior cyber security leadership without hiring a full-time executive.

The new offering is aimed at businesses that have invested in technical defences but still lack support on governance, risk ownership, compliance and long-term planning.

Those pressures have intensified as organisations face tighter regulation, greater customer scrutiny and wider business uncertainty, while cyber threats continue to evolve. Without dedicated security leadership, companies can be pushed into reactive decision-making and face added strain during incidents, audits or periods of expansion.

The vCISO service is designed to provide experienced senior advice on a flexible basis. It is available through monthly, quarterly and annual arrangements, with pricing based on the level of support required and an organisation's size, maturity and complexity.

The group is also considering pricing for charities, third sector organisations and start-ups to help ensure cyber security costs do not become a barrier to growth or the handling of sensitive data.

Strategic support

The service focuses on areas that sit above day-to-day technical work, including governance, controls, risk visibility, compliance requirements, and support during audits or certification processes. It is also intended to help organisations respond to customer security demands and bring technology, staff and processes together under a single leadership structure.

For some organisations, that model may be more attractive than hiring a permanent Chief Information Security Officer or entering a traditional retainer arrangement. Smaller businesses in particular often need senior security input only at key points, such as preparing for external audits, seeking funding, entering regulated supply chains or expanding into new markets.

The launch adds a strategic advisory layer to the Centre's existing Cyber Advance programme, which focuses on technical improvement, ongoing development and staff training over a year-long period. The two services are designed to work together in a phased model that combines higher-level oversight with operational follow-through.

That pairing reflects a broader issue in cyber security spending: organisations can identify weaknesses and receive recommendations, but struggle to implement them over time. By linking strategic advice with implementation support, the Centre aims to address both planning and delivery.

Jude McCorry explained the rationale for the move.

"We developed the vCISO service in direct response to feedback from clients who need strategic direction and expert guidance, but may not require - or be able to justify - a full-time CISO or traditional retainer model. Many organisations prefer a more flexible, project-based approach with clearly defined deliverables.

"Through our vCISO service, we provide the expertise, structure and strategic oversight needed to strengthen cyber resilience in a practical and sustainable way. Our clients and members also recognise that by working with us, they are helping to support Scotland's wider cyber resilience ecosystem, enabling us to provide low or no-cost access to organisations that may otherwise struggle to afford it." said Jude McCorry, Chief Executive Officer of Cyber and Fraud Centre Scotland.

Market pressure

The launch of virtual security leadership services reflects a wider market trend, as organisations seek access to senior expertise without the salary costs of a permanent executive hire. Demand has grown among mid-sized businesses, public bodies and charities that face many of the same governance and compliance expectations as larger organisations but lack the resources to maintain a full in-house leadership team.

In practice, that can leave responsibility for cyber security spread across finance, operations or IT leaders whose roles already carry broad workloads. The result can be unclear accountability, fragmented risk management and slower decision-making when incidents occur.

As a social enterprise, Cyber and Fraud Centre Scotland is also positioning the new service as a way to widen access. Work with commercial clients can help support organisations that might otherwise struggle to pay for specialist advice.

Willie Fairhurst, a board member at the organisation and Chief Executive Officer of Fairhurst Consult, said the service would be particularly useful for smaller clients facing regulatory and market access challenges.

"The vCISO service will be a valuable addition to both our service offering and the support available to our clients. It will be particularly beneficial for smaller organisations that need assistance navigating regulatory requirements to secure funding, or that are looking to expand into markets beyond Scotland. We're here to help organisations build the confidence and resilience they need to grow securely," said Fairhurst.

Image: Jude McCorry, CEO of Cyber and Fraud Centre Scotland
Related stories
AI drives ransomware surge, experts urge faster defence
apexanalytix launches Qubiton for AI-powered supplier checks
UK cyber survey criticised over AI threat blindness
Jazz urges stronger IP safeguards amid AI data leaks
API attacks surge as AI exposure raises cyber risk
Top stories
BT Business & Accenture to deploy AI across services
Dust raises USD $40 million for workplace AI platform
CortexForge unveils client-owned systems inside Microsoft
Lexsoft links T3 legal knowledge tool to AI platforms
Eebz launches AI models with GBP £10 million boost