...know their supply chain and other business partners are resilient against cyberattack. Many companies will insist ISO27001 is implemented and independently verified before entering into deals with partners.
New regulations in India, for example, make accredited certification to ISO27001 the default means for organisations to demonstrate compliance with data protection laws. Other countries are sure to follow India's lead. Failure to meet the required standards could cost you major contracts.
In the current economic climate, many companies are inevitably focusing on maximising revenues in the short term, controlling overheads and managing cashflow. Unless you focus on computer and data security too, though, you are placing your entire business at risk.
IT security improvement programme
No organisation should delay in implementing an IT security improvement programme. If you are not really sure if your business is as secure as possible, there is every chance you are actually far short of the requirements.
Let us end where we began, with another c-word — cost. It takes a long time before a company can truly comprehend the cost of a security breach. Immediate loss of revenue through service shutdown, alongside compensation packages, will only represent part of the impact.
The ultimate cost of complacency, in long-term brand and reputational damage, could be enormous. Every company and organisation must be aware of the dangers of computer crime. The threats are real — and if you are not properly prepared, you could be tomorrow's victim.
Alan Calder is chief executive of information security training and consultancy IT Governance. He is a leading author on information security and IT governance issues and an authority on ISO27001, formerly BS7799, the international security standard. With Steve Watkins, he has co-written the compliance guide IT Governance: A Manager's Guide to Data Security and ISO27001/ISO27002.