ISO 27001 Global Report 2018: top 3 key takeaways


1) ISO 27001 aids GDPR compliance

ISO 27001 provides an excellent starting point for meeting the technical and operational requirements of the EU GDPR (General Data Protection Regulation). So, it’s no surprise that nearly half (48%) of respondents cited GDPR compliance as their key motivation for adopting the Standard.

Implementing a documented, ISO 27001-aligned ISMS (information security management system) can help your organisation achieve GDPR compliance, while providing unquestionable evidence that you have taken reasonable measures to address information security risks, which will be looked upon favourably by regulators.

Download our free guide to GDPR compliance to learn how achieving ISO 27001 certification can help your organisation meet the GDPR’s requirements.


2) Improving information security is the biggest driver for implementing ISO 27001

Respondents acknowledged how easily the Standard’s framework lets organisations manage, monitor and improve their information security in one place. Accordingly, 70% of respondents said that improving their information security posture was the biggest driver for implementing ISO 27001.

Other key drivers included gaining a competitive advantage (57%), ensuring legal and regulatory compliance (52%), industry requirements to align with information security best practice (49%) and tendering for new business (46%).


3) Obtaining employee buy-in is a key challenge for organisations

You are only as strong as your weakest link, and an organisation’s biggest security risk is often its own employees. When it comes to improving your ability to guard against cyber threats, the best defensive strategy is creating a strong cyber security culture – from the executive boardroom to the reception desk.

So, it’s concerning that 51% of respondents cited obtaining employee buy-in and raising staff awareness as the “main challenge” when implementing ISO 27001.

The solution? Change your culture to generate tangible and lasting organisation-wide security awareness with a comprehensive staff awareness programme.


For more insights, download our free ISO 27001 Global Report: