Orgs Still Feel Vulnerable Despite Cyber Standards

Even though the majority of companies across the globe have implemented cybersecurity standards, a new report from IT Governance USA found that companies still believe they are the likely target of an attack.

Since 2017, there has been a 25% increase in data breaches, according to the ISO 27001 Global Report, which also revealed that 68% of organizations are now using ISO 27001 – the international standard for best practices with information security management systems (ISMSs) – to achieve General Data Protection Regulation (GDPR) compliance. Despite this majority, cybersecurity remains a top concern for organizations worldwide.

With regard to the GDPR, the report found that 43% of companies will be implementing an ISO 27001-compliant ISMS to enable them to maintain compliance with the EU GDPR. More than half of the respondents who have already implemented this standard (57%) reportedly did so because they believed they would gain a competitive advantage.

In fact, the overwhelming majority (89%) of organizations reported that improving their information security was the single greatest benefit of implementing ISO 27001.

“Implementing an ISO 27001-compliant ISMS is not only information security best practice but is also integral to demonstrating data protection compliance,” the report stated. “Even if you do suffer a breach, regulators show leniency to organizations that have certified to ISO 27001 because they are able to demonstrate that they are following information security best practice.”

Perhaps that is why two-thirds of 128 organizations that participated in the survey believe implementing ISO 27001 improves their security posture, reflecting a 3% jump from the 2016 and 2015 reports.

“Unfortunately, as long as cybercrime remains a lucrative trade, risks will continue to escalate, and attackers will continue to proliferate,” said Alan Calder, founder and executive chairman of IT Governance. “To counter this, organizations need to be fully prepared. ISO 27001, an information security standard designed to minimize risks and mitigate damage, offers the preparedness organizations need.”

Orgs Still Feel Vulnerable Despite Cyber Standards

You may also like

Difficulty of GDPR Advice and Buy-in Detailed

#2018InReview Peter Lefkowitz, Chief Digital Risk Officer, Citrix

The Importance of "S" in "CISO"

#InfosecNA18: Where Are We with GDPR?

How to Automate Governance, Risk and Compliance

What’s hot on Infosecurity Magazine?

Alarming Decline in Cybersecurity Job Postings in the US

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

MITRE Reveals Ivanti Breach By Nation State Actor

How to Backup and Restore Database in SQL Server

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Massive Brute-Force Attack on Alibaba Affects Millions

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

US Government and OpenSSF Partner on New SBOM Management Tool

NIST Unveils New Consortium to Operate National Vulnerability Database

EU Elections: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024