Expert Advice Community

Guest

Ratio of successful cyber attacks on organisations who are ISO 27001 certified

  Quote
Guest
Guest user Created:   Feb 12, 2021 Last commented:   Feb 15, 2021

Ratio of successful cyber attacks on organisations who are ISO 27001 certified

Are there statistics available which indicates the ratio of successful cyber attacks on organisations who are ISO 27001 certified against those who are not ISO 27001 certified?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 12, 2021

Unfortunately, we are unaware of such type of statistics (most probably because attacked organizations often keep details about the incident of the media).

What we can infer is that ISO 27001 certified organizations are recognized as less susceptible to such attacks, because insurance companies consider its implementation as a good practice and in some cases, it is a criterion to reduce the premium to be paid by companies with this certification.

These links can provide more information:

For more about ISO 27001 benefits, please see:

Quote
0 0
Guest
Guest user Feb 15, 2021

Thank you for the response, much appreciated.

I just may not agree with the following statement that was made:

"Unfortunately, we are unaware of such type of statistics (most probably because attacked organizations often keep details about the incident of the media).”

I am sure that you will agree that there are sufficient enforcement of legislation related to cyber security breaches to ensure that all cyber- and information security breaches are recorded and reported to the relevant authorities as required.

Quote
0 0
Expert
Rhand Leal Feb 15, 2021

Please note that:

  • not all countries have laws and regulations enforcing communication of cyberattacks and information security breaches;
  • some laws and regulations are specific about which incidents must be reported, and to whom;
  • even with enforcement, some organizations may decide not to communicate incidents (i.e., they decide to absorb the impacts of not communicating in case it occurs)

Considering that, without a clear scope and sample, any statistics about cyberattacks and information security breaches need to be considered carefully.

Quote
0 0
Guest
Louisa Somers Feb 15, 2021

Thank you for your comments, it makes perfect sense. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 12, 2021

Feb 15, 2021

Suggested Topics