New ISO 27001 certification figures fall short of expectation

New ISO 27001 certification figures fall short of expectationAccording to the recently published ISO Survey 2014, growth in the number of worldwide ISO 27001 certifications has slowed, despite expectations that global adoption rates would increase in response to the increased cyber threat that modern businesses face.

Worldwide, there were 23,972 ISO 27001 certifications in 2014, an increase of 7% on 2013’s figures. In previous years, adoption of the standard saw growth rates of between 11% and 20% so it is surprising that 2014 only saw a 7% increase. It’s also at odds with our considerable experience.

“…does not reflect our experience…”

Alan Calder – the first person in the world to implement an information security management system (ISMS) compliant with ISO 27001 – comments: “Compared with previous years’ increases, a 7% growth rate may seem low, but it should be noted that the number of certificates issued in 2014 does not reflect our experience of the rapid increase in demand from around the world. IT Governance saw its global customer base increase significantly over the same period, and the number of successful ISO 27001 implementation projects we led and aided also grew. Moreover, if you examine key economies such as Japan, the UK, the US, China and India, the numbers are still strong.”

Countries with the largest number of ISO 27001 certificates

As an innovator in digital technology, Japan historically tops the charts in the information security sector, although the UK also features prominently with the most significant growth in absolute terms.

Country ISO 27001 Certificates
Japan 7,181
United Kingdom 2,261
India 2,170
China 2,002
Italy 970
Romania 893
Spain 701
USA 664
Germany 640

Quite why ISO 27001 certification uptake in 2014 was moderate remains to be seen, but it is important to note that this slow growth was not exclusive to ISO 27001. The overall growth of ISO certificates was only 3%, with ISO 9001 certificates only seeing a 1% increase. See the full table of results here.

ISO 27001 certification is often a supply chain requirement and, as such, can help organisations broaden their client base and supply chain network, while supporting business opportunities in international markets where the standard is recognised.

Other ISO 27001 benefits include: enhanced reputation, increased stakeholder trust, meeting regulatory and compliance requirements, and improved internal processes.

For further information on ISO 27001, download our free green paper: Don’t Risk It, Cyber secure it – With ISO 27001