Companies with a certified information security management system have valuable experience, from setting up an information security system to dealing with various issues on a daily basis. In our survey, security managers look to the future and reveal which key topics will be particularly important for their planning and strategy in 2025.
Top topics in 2025: from supplier security to risk management
The companies surveyed largely cited the areas of supplier security (58%), business continuity management (55%) and risk management (47%) as the top priorities for 2025. Security incident management (35%), compliance and training (23% each) as well as security guidelines (19%) are also on the list of important topics.
Also of interest are the choices that did not make it into the list of prioritized topics: personnel security, asset management, operational security, access control, physical security and cryptography.
Be future-proof beyond ISO 27001
The requirements of ISO 27001 are a groundbreaking basic framework for stable information security in the company. However, further measures are needed to improve information security in the long term. Innovative technologies, proactive security strategies and a holistic risk assessment are also key to remaining fit for the future.
The companies surveyed stated that they were investing primarily in zero trust architecture, MITRE ATT&CK-based risk management and threat modeling, and immutable backup. The majority of companies have either already implemented measures in these three areas or are planning to do so this year. The areas of DevSecOps, Continuous Threat Exposure Management (CTEM) and Web3 Security were also mentioned, with a lower priority.
CONCLUSION
The survey of security managers in Austrian companies provides a valuable data basis for orientation in the increasingly complex IT security landscape. New regulations such as NIS-2 bring additional challenges that can be overcome more quickly and easily with the help of ISO 27001 certification or a combined NIS law and ISO 27001 audit.