According to PwC’s 18th Annual CEO Survey, 90% of US CEOs say cybersecurity is strategically important, 87% are concerned about cyber threats, and 45% are extremely concerned about them. Unfortunately, knowing about the problem and fixing it are two different things entirely.
It’s a well-known fact that 2014 was one of the worst years in terms of data breaches and stolen records. An estimated 350 million records were stolen between November 2013 and December 2014, affecting a large number of companies and an even greater number of customers. Those with the capital are struggling on, but 60% of small companies that suffer breaches are forced to close down within six months.
Regulatory compliance alone is not enough to address the cybersecurity challenge
Cybersecurity practices must be embedded into an organization so that they become part of business-as-usual. Keeping processes up to date, training personnel, using tools to detect threats, and responding accordingly on a daily basis will be the armour that keeps your business cyber secure.
Creating an effective incident response plan, appointing a chief information security officer (CISO), and implementing industry standards are proven methods to reduce the cost of a data breach.
ISO 27001 is the cybersecurity standard that businesses worldwide use to get themselves cyber secure, as it provides a best-practice framework for addressing the entire range of cyber risks, including people, processes, and technology. Too often, senior management is concerned only with getting the technology part of the business right and forgets about its weakest link – employees.
Registration to ISO 27001 requires you to determine the scope of your information security management system (ISMS), appoint a senior individual responsible for information security, implement appropriate policies and procedures, conduct risk assessments, and conduct staff training. But this is not just a one-off piece of work; ISO 27001 requires continual review and improvement of your ISMS so that cybersecurity best practices become ingrained in your day-to-day activities.
Registration to the Standard has grown steadily in the US, with brands such as Google Apps, Amazon Web Services, and Microsoft adopting it to showcase their commitment to cybersecurity.
If you’re considering implementing ISO 27001 and achieving registration against the Standard, we’ve developed fixed-price, packaged solutions that range in support so you can easily see which route is right for your business.
Our ISO 27001 Get A Lot Of Help package has by far been the most popular, providing businesses with the right mix of tools, training, implementation guides and hands-on guidance to successfully implement a management system aligned to the Standard. This option allows businesses to fully own and be in control of the project, without needing to outsource the ISMS or engage consultants.