Achieving ISO 27001 certification does not guarantee that your organisation will never experience another security incident. Nor can anyone realistically claim that the standard is perfect or that it can be trusted absolutely. Despite those caveats, obtaining certification does offer several significant benefits. The benefits most often cited for an Information Security Management System (ISMS) that is implemented correctly and follows the spirit of the standard are:
- Increased organisational visibility – Since a functioning ISMS requires management to acknowledge their role in keeping information secure, it often leads to greater support for, and understanding of, the issues security personnel deal with.
- Cost reduction – With greater collaboration, frank risk assessments and central management of information security matters, spending can be controlled and directed towards correcting the greatest need.
- Increased resilience – While security incidents can and in all probability will happen, having an ISMS ensures that your organisation is at least aware of the relevant risks and has contingency plans in place.
- Increased competitiveness – In today’s market, security is no longer an afterthought but often a requirement of doing business. Until a better way is discovered by the security community, third party assessments are still the best way of establishing trust.
The certification data published by ISO (covering both the ISO 27001:2005 and ISO 27001:2013 versions) suggests that organisations see real value in these benefits. According to that data there are very few countries in the world that do not have at least one ISO 27001 certificate. Year-on-year growth in ISO 27001 adoption is roughly 21%. Bear in mind that while most certified organisations are reported in the survey, not all are, so the survey data reflects a lower number of certificates than actually exist.
Adoption of the ISO 27001 standard has also increased in almost all countries tracked by ISO. The three countries with the most certificates are Japan, the United Kingdom and India, each with impressive year-on-year growth.
The Australian market is much smaller, but ISO 27001 has clearly been widely adopted there as well. The year-on-year growth is impressive, and the spikes in certification seen in Australia mirror those in the other leading countries.
Perhaps the most interesting aspect of the data is what it reveals about which industries have achieved certification. Information technology (IT) is, as expected, the clear leader, but ISMS implementations are occurring across almost all industry types, with most categories showing year-on-year growth. From this we can surmise that IT was merely the precursor to ISO 27001 adoption, and that other industries such as retail, transport and services are now feeling the increased market demand for better information security.
A Tableau version of the information is available here:
The raw information for this article is available here: