Benefits of ISMS

87% of all survey respondents stated that implementing ISO/IEC 27001 for business management had a positive or very positive outcome.

Erasmus research results on the business impact of ISO/IEC 27001 demonstrate that a wide range of internal and external benefits were delivered following the adoption of ISO/IEC 27001 and implementation of an information security management system (ISMS):

  • Ability to meet compliance requirements increased for 78% of certified organizations

  • Number of security incidents decreased for 51.6% of certified organizations

  • Downtime of IT systems decreased for 47.3% of certified companies

  • Ability to respond to tenders increased for 56% of certified organizations

  • Relative competitive position increased for 62% of certified companies

“Although we have only recently gained certification to ISO/IEC 27001, there are at least three recent incidences where we have won contracts as a result of certification.”

Alex Litoff, Senior Manager

Internal and external customer satisfaction increased:

  • 51% of organizations saw an increase in external customer satisfaction following the implementation of an ISO/IEC 27001 certified ISMS

  • 45% of certified organizations saw an increase in internal customer satisfaction

  • 82% of certified organizations noted an increase in the quality of information security processes and procedures and 48% a reduction in the level of risk

ROI and sales increased despite a rise in the cost to develop and support IT:

  • Despite 45% of organizations seeing an increase in the cost to support IT, 43% identified an increase in sales and 38.4% a return on investment from the adoption of an ISMS certified to ISO/IEC 27001

  • 50% of ISO/IEC 27001 certified organizations found the process of certification to be simple and 52% found it to be cost effective

Senior management support is key to success:

  • 95% of all responding organizations considered the endorsement of senior management to be highly important

  • 78% of all responding organizations took a top down approach to implementation of their ISMS

  • Key drivers for adoption include an increase in the quality of service, achieving competitive advantage and meeting regulatory requirements

Respondents were located across the globe and represented the full spectrum of organization size and industry:

  • The top three responding countries were Japan, Germany and the United Kingdom

  • 53% of respondents had 250 employees or fewer and 9% employed more than 10,000 staff

  • 65% of respondents operated from five or fewer locations with 10% operating from more than 50

  • The top five industries were: IT; professional/business services; financial services; manufacturing and telecommunications.

This data is a summary of responses from 645 organizations that had implemented the international standard for information security ISO/IEC 27001. Respondents completed an online questionnaire during early 2011.
