84% of consumers think companies should be held responsible for data security

Released earlier this week, the 2015 Deloitte Consumer Review (Consumer data under attack: The growing threat of cyber crime) “focuses on cyber crime and security for consumer businesses.”

As the Black-Friday-to-Cyber-Monday weekend is in full swing and the festive online shopping period intensifies to fever pitch, the report issues a stark warning to online businesses to sort out their cyber security or risk losing customers.

Deloitte found that, as cyber crime continues to increase (a fifth of consumers have suffered financial losses as a result of cyber crime), customers are becoming increasingly distrustful of the companies that hold and process their data, and are making this distrust known:

  • 85% “expect companies that collect or process personal details or financial transactions online to keep this data secure from criminals.”
  • 84% think companies should “be held responsible for ensuring the security of user data and personal information online.”
  • 72% “think it’s the responsibility of companies to provide [them] with the tools [they] need to protect [their] privacy, security and reputation online.”
  • 73% of consumers would think twice about using companies “that failed to keep their data safe.”

As a Cebr report from June this year notes, “In the UK, cyber crime costs businesses £34 billion per year, including £18 billion from lost revenue.” That lost revenue will only increase as customers vote with their feet. Today, according to Deloitte, a third of consumers would “close their online account following a breach or stop dealing with the business they think is responsible.” As consumers become savvier, this level of customer churn will only increase.

To combat the increased risk of customer churn, then, “businesses need to develop an integrated approach to cyber security with board-level accountability, one that links business objectives to security priorities and helps to create a common language between technologists and business leaders. The approach needs to be set at the top, with the board, CEO and the CFO setting the governance and organisational structure and ensuring all employees understand their role in preventing cyber attacks.”

Enterprise-wide cyber security

As Deloitte emphasises, “cyber security requires not just the right technologies to counter the crime but also the right enterprise-wide strategy. The right strategy needs to recognise that cyber security is not just an IT issue, boards need to take note of consumers’ awareness and cynicism about how their data is used.”

ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a risk-based approach to information security that enables organisations of all sizes, sectors and locations to mitigate the risks they face with appropriate controls.

An ISMS addresses people, processes and technology, providing an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organisation actually faces, thereby limiting the threats posed by untrained staff, inadequate procedures and out-of-date software solutions – among others.

Achieving certification to ISO 27001 demonstrates to customers, stakeholders and staff that best-practice information security is being followed across the organisation, providing organisations with a competitive advantage along with reduced customer churn and increased revenues.

ISO 27001 implementation

Implementing an ISO 27001-compliant ISMS and achieving certification to the Standard can, however, be a complicated undertaking. ISO 27001’s documentation requirements can run to thousands of pages, which on their own can take days if not weeks to create.

Fortunately for time-pressed organisations, those documents have already been written for you by expert practitioners.

IT Governance’s ISO 27001 Documentation Toolkit provides all of the ISMS documents you need in order to comply with ISO 27001, including 11 policies, 66 procedures, 24 work instructions and 36 records, plus an Information Security Manual and additional guidance, all of which can be customised to suit your organisation with a single click. Plus, if you buy this toolkit before 18 December 2015 you’ll receive free copies of The Case for ISO 27001 and Nine Steps to Success.

If you want the easiest route to ISMS implementation, the core ISO 27001 Documentation Toolkit is also available in a variety of bundles that contain extra implementation guidance, standards and tools.

The No 3 Comprehensive ISO 27001 ISMS Toolkit bundle, for example, contains the core ISO 27001 Documentation Toolkit plus copies of four relevant standards, bestselling implementation guidebooks including the world’s leading ISO 27001 implementation manual, and the industry-leading risk assessment software tool, vsRisk™.

Better still, it’s currently on sale at 15% off the list price.