The increasing number of security incidents and cyber attacks is alarming: for many companies, this means a critical interruption to their business activities and therefore also the risk of high losses. Security managers recognise that prevention and a solid information management system are more effective in the long term than having to react to security incidents ad hoc and unprepared. Domestic companies are therefore increasingly striving for ISO 27001 certification.
Current hurdles to ISO 27001 implementation
The companies were asked why they have not yet sought certification – despite the clear benefits and increased security. Frequently mentioned were lack of human resources (27%) and the impression that there is no need (also 27%). The high costs (22%) and financial restrictions (17%) also continue to deter many companies from implementing certification. In addition, some companies state that they already fulfil other standards such as TISAX® or are dependent on corporate specifications. Even for small companies, the introduction of an information security system is a resource-related challenge.
ISO 27001 for security at all levels
Despite the challenges of introduction and implementation, there are many good reasons in favour of ISO 27001 certification: more than half of the companies surveyed (53%) see it as a way of preventing security incidents. Other motives include compliance with legal requirements (49%), building customer trust (46%) and preparing for NIS-2 (40%). 42% of the companies surveyed are planning to carry out certification in the next two years. However, they state that they lack the time, money and specialists to implement the necessary requirements – this is precisely where the expertise of external, recognised bodies such as CIS is an enormous relief for companies of all sizes and in all sectors.
Conclusion
Awareness of the central importance of an information security system according to ISO 27001 has increased, but the path to certification is still a challenge for many. However, the long-term benefits outweigh the short-term effort: certification gives companies greater (legal) security and customer confidence, and significantly reduces security incidents and the response time to them. Companies that have implemented ISO 27001 also have a significant head start in implementing the NIS-2 directive.
With CIS Service GmbH, your ISO 27001 certification is straightforward and can be implemented step by step: Our experts cater to your individual company specifics, whether you are a small business or a large corporation – for more security and success in your business!