Why your clients are now demanding ISO 27001

You may have heard about the security benefits ISO 27001 registration can bring to your organization, but did you realise your clients want you to get it, too?

If you work in the B2B sector, you’ll no doubt be aware that protecting your clients’ information is a key factor in daily operations.

According to Ponemon Institute’s 2014 Cost of a Data Breach Study, the loss of customers due to a data breach rose 15%. Certain industries, such as financial services, continue to be the most susceptible to high customer churn in the aftermath of a material data breach.

This is also true in the health care industry where, according to TransUnion Healthcare, more than half of adult patients studied would consider switching providers if their current one experienced a data breach. When asked whether they would avoid doing business with a provider that had a breach, 65% answered yes.

And even though cyber attacks are increasing in number and complexity, many organizations are reluctant to change their current level of security. According to PwC’s 2015 Global State of Information Security Survey, boards of directors remain largely uninvolved in cybersecurity issues at most organizations. Many boards “find it difficult to understand how security technology works and identify the related tactical risks”, security budgets remain static as a consequence, and many organizations struggle to achieve adequate levels of information security.

Adding in the negative media coverage of organizations that have suffered data breaches (Anthem, Home Depot, Sony, Target, etc.), it is no surprise that clients feel let down by these organizations and avoid them at all costs.

But we are now beginning to see a rise in clients demanding their suppliers achieve ISO 27001 registration in order to continue business relations or to strike up new partnerships.

ISO 27001 is the international standard that sets out the requirements for an information security management system (ISMS). It is an internationally agreed set of requirements defining how to assess and manage risk, who should have access rights, and the processes and procedures needed to maintain the required levels of security. Think of it as an internationally recognized badge that proves your business takes cybersecurity and data privacy seriously.

The number of organizations registered to the ISO 27001 standard has seen a steady increase in the US over the past seven years. According to the latest ISO survey, there has been a 36% growth rate year-on-year, and the US has the tenth highest number of registered organizations worldwide.

Because the Standard requires organizations to establish, implement, maintain, and continually improve their ISMS, achieving registration shows your dedication to information security management and that your clients’ data will be protected on an ongoing basis.

If you are interested in finding out more about ISO 27001, then speak to one of our advisors toll free on 1-877-317-3454, or email servicecenter@itgovernanceusa.com.

We have a range of ISO 27001 packaged solutions to simplify your journey to registration that can offer an ISO 27001-compliant ISMS at a one-off fixed price.
