Seasoned CISO and CyberNorth’s lead for Cyber and Fintech, Jon Holden, discusses the continued hesitation around fractional CISO services in our latest blog.

Why Are Organisations Still Wary of Fractional CISOs?

Providing specialised CISO services within your business part-time or on an interim basis, fractional CISOs seem like a perfect solution for many organisations. However, as a CISO working with start-ups, scale-ups and ambitious SMEs across the North East, I continue to see a common hesitation when it comes to cyber leadership.

I regularly hear, ‘We’re not ready for a CISO, we’re not sure a fractional one will cut it.’ Now, I get that. Cyber security leadership feels like a big step, but the reality is that many organisations don’t need a full-time CISO, yet they desperately need the direction one provides. That’s where a fractional CISO is the ideal solution.

Still, there’s reluctance. So, let’s address it.

‘We need someone full-time.’

The assumption is that unless a CISO is in the building every day, they can’t be effective. The truth? Most SMEs don’t need 40+ hours a week of high-level security strategy. What they need is someone who can see the big picture, prioritise risks and align security with business goals, without drowning the team in process or jargon.

A fractional CISO delivers exactly that: focused value, without unnecessary overhead.

‘They won’t get our business.’

I hear this a lot. But good fractional CISOs aren’t just security specialists; they’re business-minded professionals. They’ve seen what works (and what doesn’t) across multiple sectors. They’re able to quickly embed, translate technical risks into board-level language and work with your internal teams to move things forward.

It’s not about parachuting in with a policy pack — it’s about becoming a trusted part of your leadership team, even if it’s only for a few days a month.

‘They’re temporary.’

Yes, the role is flexible but the impact isn’t. A fractional CISO can:

• Build your security roadmap

• Prepare you for Cyber Essentials or ISO 27001

• Respond to incidents and recover quickly

• Support procurement, client assurance, and board reporting

• Even help hire and mentor your future internal team

It’s strategic leadership, tailored to your stage of growth.

‘It’s a risk.’

Let’s be honest: cyber security is already a risk. A fractional CISO isn’t a risk — they’re a response to one.

They bring experience, perspective, and clarity — often with no internal politics, no assumptions and a strong network to plug into when needed. That’s not a gap, that’s a strength.

Why It Matters Right Now

We’re seeing more demand than ever for cyber leadership, especially in sectors handling sensitive data, digital products and complex supply chains. However, the talent gap is real. Costs are rising and boards are asking tough questions.

A fractional CISO isn’t a compromise. It’s a smarter, scalable way to access real leadership, right when you need it.

Curious about how a fractional CISO could work in your organisation? I’m always up for a chat — no jargon, no pressure. Let’s make security work for your business, not the other way around.