This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Companies admit they are aware of ISO 27001, but only a third are compliant

Share this article:

The ISO 27001 security compliance standard is well recognised, but only adopted by a third of companies, according to a recent survey.

According to a survey of 260 respondents by IT Governance, 87 per cent said that they knew of the standard, but only 35 per cent were actually compliant with it. The survey, which analysed a number of industries, a third being from the technology sector, also found that 58 per cent of management received information on incidents and 32 per cent received these on a monthly basis.

Asked if this recognition but not adoption of ISO 27001 was common, Brian Honan, CEO of BH Consulting, said that he came across that situation a lot. He said that many companies do not want to become certified to the standard for three separate reasons. These being:

  • They are worried they may not actually get certified, which could cause them embarrassment with senior management or clients
  • The cost involved in engaging a certification body and the on-going maintenance of the certification
  • It is easier to claim to be compliant with the standard than actually prove it by becoming certified.

“However, what the above companies should realise is the amount of work required to be properly compliant with ISO 27001 is the same as that required to become certified,” Honan said.

“The cost difference from becoming compliant to being certified would be negligible in the overall scheme of things and would be mostly down to the certification audit.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.