Global Research Reveals Corporate Cybercrime Tops Boardroom Agenda
The need for increased measures to protect against corporate espionage and network hacking, the accidental or deliberate leaking of corporate data and the loss or theft of company laptops, has never been so high, company bosses told the British Standards Institution (BSI), in a survey.
According to the research, which analyses responses from 645 businesses, risk of corporate data leaks is a key concern. Two thirds (64 percent) of the surveyed businesses that have implemented ISO 27001 cited this as the most important driving force behind adopting the information security standard.
In addition to risk, the BSI research also shows that 72 percent of businesses are worried about the financial damage of cybercrime. This is perhaps unsurprising in view of a report from the Cabinet Office, which states that cybercrime costs British businesses £21bn a year.
BSI commissioned Erasmus University, the Dutch university, Rotterdam School of Management, to survey over 645 businesses in Asia, America, Europe and Australia.
Notably, 78 percent of organizations surveyed have achieved ISO 27001 certification and have implemented the standard from the senior management team down, with the board fully endorsing its adoption and adhering to its requirements.
This suggests that fears around data security breaches are a real boardroom concern. And with almost all the businesses surveyed (92 percent) saying that the endorsement of senior management is crucial to fight against information security breaches, organisations around the world appear poised to revolutionise the way in which data is secured.
The research is drawn from all sectors of business, with 27 percent belonging to the IT industry and another 40 percent drawn from telecommunications, financial services, manufacturing, engineering, health and public administration industries.
The Erasmus research also demonstrates, ISO 27001 tackles both the cost and risk surrounding information security directly, reducing the number of security incidents within certified organisations by 39 percent. Meanwhile, the research shows that almost one third (26 percent) of businesses that have achieved ISO 27001 certification have since seen a return on investment.
This is underscored by the fact that, according to separate BSI figures, the number of organisations that have achieved ISO 27001 certification from BSI grew by 21 percent between 2009 and 2011.
One such business is Barclays UK Retail Online Banking, which successfully applied for the ISO 27001 certification to make its banking activities even more secure for customers. The standard is now one of a number of initiatives within Barclays Digital Banking, which include the award-winning PINsentry device and free security software.
"Data security is constantly evolving and being awarded the new ISO certification shows Barclays is keeping on top of changes in the information technology sector, said Sean Gilchrist, digital banking director. "It is an absolute priority for us that our customers' details are safe and secure at all times."
To date, the largest data breaches include up to 130 million credit card numbers stolen from Heartland Payment System in 2008, which cost $140 million in total, and up to 100 million accounts stolen from retailer TJX in 2005 and 2006, for which costs soared to $256 million . A costly element of the Heartland security breach was the impact of long-term reputational damage. In the days immediately following the breach, traffic to yasni.com – a popular people search tool commonly used for online reputation management – doubled as concern over identity theft spreads.
The situation for victims of corporate cybercrime has only worsened, as according to HP , the average cost of data breaches has risen by 56 per cent in 12 months.
“The increasingly important role of technology in the workplace and the challenging economic climate means that data security is no longer something that businesses can ignore, said Howard Kerr, group chief executive, BSI. "Boardrooms around the world are finally waking up to the extreme costs and reputational risk that can be caused by security breaches. The need for a standard that helps to prevent data leaks is now greater than ever."
“The implementation of ISO 27001 is impacting businesses around the world, and our research shows that the standard is bringing significant benefits to businesses. 87 percent of the survey respondents reveal that the implementation of the standard has either had a positive or very positive impact on their companies. In addition to a reduction in the level of risk, 82 percent of those surveyed note an increase in the quality control of information, while 44 percent reported an increase in sales and improvement in competitive advantage.”