Benefits of ISMS
87% of all survey respondents stated that implementing ISO/IEC 27001 for business management had a positive or very positive outcome.
Erasmus research results on the business impact of ISO/IEC 27001 demonstrate that a wide range of internal and external benefits were delivered following the adoption of ISO/IEC 27001 and implementation of an information security management system (ISMS):
Ability to meet compliance requirements increased for 78% of certified organizations
Number of security incidents decreased for 51.6% of certified organizations
Downtime of IT systems decreased for 47.3% of certified companies
Ability to respond to tenders increased for 56% of certified organizations
Relative competitive position increased for 62% of certified companies

“Although we have only recently gained certification to ISO/IEC 27001, there are at least three recent incidences where we have won contracts as a result of certification.”
Internal and external customer satisfaction increased:
51% of organizations saw an increase in external customer satisfaction following the implementation of an ISO/IEC 27001 certified ISMS
45% of certified organizations saw an increase in internal customer satisfaction
82% of certified organizations noted an increase in the quality of information security processes and procedures and 48% a reduction in the level of risk
ROI and sales increased despite a rise in the cost to develop and support IT:
Despite 45% of organizations seeing an increase in the cost to support IT, 43% identified an increase in sales and 38.4% a return on investment from the adoption of an ISMS certified to ISO/IEC 27001
50% of ISO/IEC 27001 certified organizations found the process of certification to be simple and 52% found it to be cost effective
Senior management support is key to success:
95% of all responding organizations considered the endorsement of senior management to be highly important
78% of all responding organizations took a top-down approach to the implementation of their ISMS
Key drivers for adoption include an increase in the quality of service, achieving competitive advantage and meeting regulatory requirements
Respondents were located across the globe and represented the full spectrum of organization size and industry:
The top three responding countries were Japan, Germany and the United Kingdom
53% of respondents had 250 employees or fewer and 9% employed more than 10,000 staff
65% of respondents operated from five or fewer locations with 10% operating from more than 50
The top five industries were: IT; professional/business services; financial services; manufacturing; and telecommunications.
This data is a summary of responses from 645 organizations that had implemented the international standard for information security, ISO/IEC 27001. Respondents completed an online questionnaire during early 2011.