Boardroom Cyber Watch report released by IT Governance

Aug 19, 2013 21:01 GMT

According to the new Boardroom Cyber Watch study released by IT Governance, many organizations still don’t comply with international cyber security best practice standards.

A total of 74% of the senior executives surveyed admitted that their customers prefer to deal with suppliers that have proven IT security credentials. Furthermore, half of them say their customers have asked about the company’s security systems over the last 12 months.

On the other hand, while 87% of the respondents claim they know about the ISO/IEC 27001 information security management system standard, which significantly improves an organization’s resilience to cyberattacks, only 35% of them are in compliance.

Unfortunately, 40% of the executives who took part in IT Governance’s study say they’re either unsure if their investment in cyber security is appropriate, or aware that they’re making the wrong level of investment.

“When deciding on IT investments, it’s important to recognise that information security is about far more than shoring your company up against cybercrime. Rather than viewing the ability to offer proven information security credentials as an unwelcome cost, it should be seen as a competitive advantage,” noted Alan Calder, founder and executive chairman of IT Governance.

“Indeed, given that a globally recognised best practice framework for addressing the risks related to systems, people and technology already exists in the shape of ISO/IEC 27001, it’s surprising to see such a large number of suppliers still resisting the opportunity to demonstrate their credibility,” Calder added.

“In the face of constantly evolving new threats around the globe, the need for increased compliance is a fact of life. Companies must therefore ensure that their defences are in a state of constant evolution - so much so that any organisation which handles customers’ personal data, for example, but is not compliant with ISO27001, is at risk of displaying overt negligence.”

The complete report is available here (registration required).