Orgs Still Feel Vulnerable Despite Cyber Standards
Even though the majority of companies across the globe have implemented cybersecurity standards, a new report from IT Governance USA found that companies still believe they are a likely target of an attack.
Since 2017, there has been a 25% increase in data breaches, according to the ISO 27001 Global Report, which also revealed that 68% of organizations are now using ISO 27001 – the international standard for best practices with information security management systems (ISMSs) – to achieve General Data Protection Regulation (GDPR) compliance. Despite this majority, cybersecurity remains a top concern for organizations worldwide.
With regard to the GDPR, the report found that 43% of companies will be implementing an ISO 27001-compliant ISMS to enable them to maintain compliance with the EU GDPR. More than half of the respondents who have already implemented this standard (57%) reportedly did so because they believed they would gain a competitive advantage.
In fact, the overwhelming majority (89%) of organizations reported that improving their information security was the single greatest benefit of implementing ISO 27001.
“Implementing an ISO 27001-compliant ISMS is not only information security best practice but is also integral to demonstrating data protection compliance,” the report stated. “Even if you do suffer a breach, regulators show leniency to organizations that have certified to ISO 27001 because they are able to demonstrate that they are following information security best practice.”
Perhaps that is why two-thirds of the 128 organizations that participated in the survey believe implementing ISO 27001 improves their security posture, reflecting a 3% jump from the 2016 and 2015 reports.
“Unfortunately, as long as cybercrime remains a lucrative trade, risks will continue to escalate, and attackers will continue to proliferate,” said Alan Calder, founder and executive chairman of IT Governance. “To counter this, organizations need to be fully prepared. ISO 27001, an information security standard designed to minimize risks and mitigate damage, offers the preparedness organizations need.”
Source: Information Security Magazine