1. How many organizations implemented ISO 27001 and got certified?
There is no way to obtain information about how many organizations have implemented ISO 27001, since it is not mandatory for organizations to publicize that they have adopted the practices of this standard.
Regarding information about ISO 27001 certified organizations, unfortunately, there is no central list of certified organizations (you must consult each certification body to track which companies are certified by them).
However, the ISO site provides an ISO survey where you can find general information about certifications, like total quantity, quantity per country, quantity per industry, etc. It does not name organizations.
According to this survey, in 2018 we had a total of 31910 ISO 27001 certified organizations around the world.
2. How long does it take to get ISO 27001 certification?
The duration of the implementation project varies according to many variables (e.g., available resources, experience with the standard's requirements, top management involvement, etc.), but for small and medium-sized organizations the implementation generally takes from 3 to 12 months.
There are a significant number of variables to be considered when estimating an implementation cost, so without more detailed information, it's not possible to give a precise value. What I can tell you are some cost issues you should consider:
- Training and literature
- External assistance
- Technologies to be updated/implemented
- Employees' effort and time
- The certification process
Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.