Recent ISO statistics show that the number of ISO 27001 certificates worldwide increased by 19% last year, to a total of almost 40,000. The number of certificates grew by 34% in the UK and by 36% in the USA – both countries that understand the need for boards and managements to provide customers and stakeholders with genuine, independent assurance that they are taking appropriate steps to deal with cyber risk.
We expect to see this growth continue this year, particularly as organisations realise the need to demonstrate that they are taking appropriate steps to protect personal data, and turn to their supply chains for evidence that they are also tackling the issue.
Over the past few years, ISO 27001 certification has moved away from being something that the leading organisations in a sector achieved as a way of differentiating themselves; increasingly, it is becoming a necessity for doing business.
The British Airways data breach and the Nielsen class action lawsuit (which I wrote about previously) will help managements focus more on the importance of internationally reputable and independently verified cyber security standards.