The number of ISO27001 certificates in Europe has grown significantly over the past seven years. According to the latest ISO Survey, there are 7,950 ISO27001 certificates throughout Europe as of 2013, which is 24% up on the previous year.
ISO27001 is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to the standard demonstrates that an organisation is following international information security best practices.
The graph above demonstrates the number of ISO27001 certificates year by year.
The UK, Italy, Romania, Spain and Germany have the largest number of ISO27001 certificates in Europe, but the biggest growth rates in 2013 were seen in Albania, Austria and Armenia, which saw jumps of 71%, 62% and 57% respectively.
Why the rise?
ISO27001 has long been regarded as the leading framework for implementing an information security management system (ISMS) that enables organisations to obtain an independent certification to prove their cyber security credentials.
With recent high-profile data breaches at Home Depot, Target and eBay, and pressure from stakeholders and local legislation, many organisations are seeing the benefits of taking action.
According to a report conducted by ENISA on Security Certification Practices, companies in Europe stated that the two primary reasons for adopting an information security management system (ISMS) are to improve quality and to meet the expectations of existing customers, and to gain new ones. Respondents have also stated that an ISMS represents a marketing and competitive advantage. The ‘big three’ standards (ISO 20000, ISO 27001 and ISO 9001) are the most requested by companies. ISO 27001 certification has been classified as “the company’s main strategic business asset” and “a wealth of industry experience and knowledge”, according to the report.
Alan Calder, founder and executive chairman of leading information security experts, IT Governance, comments on the ISO Survey: “The increase in ISO27001 certificates is not surprising. More and more companies have come to realise the benefits of implementing an ISO27001-accredited information security management system, both in terms of improving security and gaining a competitive advantage.”
ISO27001 helps organisations win business by reassuring potential and existing customers that their data is safe. It also provides a robust framework, which makes it easier for companies to comply with multiple pieces of cyber security legislation, including the General Data Protection Regulation (GDPR) when it comes into force.