Yes, this is another blog about ISO27001. Yes, we do tend to talk about it rather a lot here. The thing is, it’s really important. Have a look at these numbers…
The scale of the threat you’re facing
According to recent figures from the National Audit Office (NAO), 8% of GDP is accounted for by the UK’s Internet economy, a greater share than for any other G20 country. While this is undoubtedly a good thing for us all as we slowly recover from the Global Financial Crisis, we can sometimes forget that international crime is enabled by the Internet as much as is international commerce, and that the Web has opened up a world of new threats as well as new opportunities.
The NAO estimates the annual cost of cyber crime to the UK as being somewhere between £18 billion and £27 billion. And as the UK Cyber Security Strategy points out, “we have no choice but to find ways to confront and overcome these threats if the UK is to flourish in an increasingly competitive and globalised world.”
So what can you do?
How exactly do you confront and overcome these threats? How do you defend yourself? ISO27001 is the global best practice specification which helps organisations and businesses implement an information security management system (ISMS), a systematic approach to managing information so that it remains secure. ISO27001 offers a holistic security system which is strategic as well as operational, and encompasses people, processes and IT systems. Put simply: it’s your best chance of getting your house in order as far as information security is concerned. You can find more information on ISO27001 here.
At IT Governance we provide a wide range of products and services relating to ISO27001, from books and toolkits to help you implement the standard, to staff awareness and training courses, software and consultancy to make ISO27001 implementation as easy as can be. We work with you to address your needs, and can help you whatever your budget.
“But it’s madly expensive!”
A common objection to the idea of ISO27001 compliance is budgetary constraint, but if you look at the bigger picture this objection can be dismissed as a false economy with little effort. First off, yes, I know it’s expensive and time-consuming to implement an ISO27001-compliant ISMS. Something of that scale and importance is hardly going to be cheap and quick to do. But please don’t be daunted by the scale of the project. It really is worth it.
The 2013 Information Security Breaches Survey from the Department for Business, Innovation and Skills reports that the average cost to a large organisation of its worst security breach of the year is between £450,000 and £850,000. For a small business, it’s between £35,000 and £65,000. The same survey reports that 93% of large organisations had a breach last year, and 87% of small businesses did (up from 76% a year ago).
In other words, it’s pretty much guaranteed that you’re going to suffer a breach at some point, and when you do it’ll cost you way more than the cost of installing preventative measures now. Surely that’s worth at least thinking about.