High profile corporate cybercrime is putting information security on boardroom agendas around the world, a global survey reveals today.
The need for increased measures to protect against corporate espionage and network hacking, the accidental or deliberate leaking of corporate data, and the loss or theft of company laptops, has never been so high, company bosses told the British Standards Institution (BSI), the leading business service for the development of standards, in a survey.
According to the research, which analyses responses from 645 businesses, risk of corporate data leaks is a key concern. Two thirds (64%) of the surveyed businesses that have implemented ISO 27001 cited this as the most important driving force behind adopting the information security standard.
According to Symantec's new Internet Security Threat Report volume XV, the UAE is ranked number 18 in EMEA (Europe, Middle East and Africa) and 36 in the world in 2009 for malicious activity. As a consequence of that rise in malicious activity, Symantec reports that the average annual cost of data loss at large enterprises in the UAE was about $2 million (Dh7.34m) in 2009.
The vast majority of organisations reported positive impacts. A 66% of the organisations assessed the overall benefit of adopting ISO/IEC 27001 as positive and a further 25% as very positive (91% in total)
BSI commissioned Erasmus University, the Dutch university that houses one of Europe’s top business schools, Rotterdam School of Management, to survey over 645 businesses in Asia, America, Europe and Australia.
Notably, 78% of the surveyed organisations, that have achieved ISO 27001 certification, have implemented the standard from the senior management team down, with the board fully endorsing its adoption and adhering to its requirements.
This suggests that fears around data security breaches are a real boardroom concern. And with almost all the businesses surveyed (92%) saying that the endorsement of senior management is crucial to fight against information security breaches, organisations around the world appear poised to revolutionise the way in which data is secured.
The research is drawn from all sectors of business, with 27% belonging to the IT industry and another 40% drawn from telecommunications, financial services, manufacturing, engineering, health and public administration industries.
The Erasmus research also demonstrates that ISO 27001 tackles both the cost and risk surrounding information security directly, reducing the number of security incidents within certified organisations by 39%. Meanwhile, the research shows that almost one third (26%) of businesses that have achieved ISO 27001 certification have since seen a return on investment.
This is underscored by the fact that, according to separate BSI figures, the number of organisations that have achieved ISO 27001certification from BSI grew by 21% between 2009 and 2011(www.guardian.co.uk)
To date, the largest data breaches include up to 130 million credit card numbers stolen from Heartland Payment System in 2008, which cost $140 million in total, and up to 100 million accounts stolen from retailer TJX in 2005 and 2006, for which costs soared to $256 million(www.boston.com). A costly element of the Heartland security breach was the impact of long-term reputational damage. In the days immediately following the breach, traffic to yasni.com – a popular people search tool commonly used for online reputation management – doubled as concern over identity theft spreads .
The situation for victims of corporate cybercrime has only worsened, as according to HP , the average cost of data breaches has risen by 56 per cent in 12 months.
Theuns Kotze, Regional Director Middle East and Africa said:
“The increasingly important role of technology in the workplace and the challenging economic climate means that data security is no longer something that businesses can ignore. Boardrooms around the world are finally waking up to the extreme costs and reputational risk that can be caused by security breaches. The need for a standard that helps to prevent data leaks is now greater than ever.
“The implementation of ISO 27001 is impacting businesses around the world, and our research shows that the standard is bringing significant benefits to businesses. 87% of the survey respondents reveal that the implementation of the standard has either had a positive or very positive impact on their companies. In addition to a reduction in the level of risk, 82% of those surveyed note an increase in the quality control of information, while 44% reported an increase in sales and improvement in competitive advantage.”