Global research reveals corporate cybercrime tops boardroom agenda

17 August 2011

High profile corporate cybercrime is putting information security on boardroom agendas around the world, a global survey reveals today.

The need for increased measures to protect against corporate espionage and network hacking, the accidental or deliberate leaking of corporate data, and the loss or theft of company laptops, has never been so high, company bosses told the British Standards Institution (BSI), the leading business service for the development of standards, in a survey.

According to the research, which analyses responses from 645 businesses, risk of corporate data leaks is a key concern. Two thirds (64%) of the surveyed businesses that have implemented ISO 27001 cited this as the most important driving force behind adopting the information security standard.

In addition to risk, the BSI research also shows that 72% of businesses are worried about the financial damage of cybercrime. This is perhaps unsurprising in view of a report from the Cabinet Office, which states that cybercrime costs British businesses £21bn a year.

BSI commissioned Erasmus University, the Dutch university that houses one of Europe’s top business schools, Rotterdam School of Management, to survey over 645 businesses in Asia, America, Europe and Australia.

Notably, 78% of organisations surveyed that have achieved ISO 27001 certification have implemented the standard from the senior management team down, with the board fully endorsing its adoption and adhering to its requirements.
 
This suggests that fears around data security breaches are a real boardroom concern. And with almost all the businesses surveyed (92%) saying that the endorsement of senior management is crucial to fight against information security breaches, organisations around the world appear poised to revolutionise the way in which data is secured.

The research is drawn from all sectors of business, with 27% belonging to the IT industry and another 40% drawn from telecommunications, financial services, manufacturing, engineering, health and public administration industries.

The Erasmus research also demonstrates, ISO 27001 tackles both the cost and risk surrounding information security directly, reducing the number of security incidents within certified organisations by 39%. Meanwhile, the research shows that almost one third (26%) of businesses that have achieved ISO 27001 certification have since seen a return on investment.

This is underscored by the fact that, according to separate BSI figures, the number of organisations that have achieved ISO 27001 certification from BSI grew by 21% between 2009 and 2011.

One such business is Barclays UK Retail Online Banking, which successfully applied for the ISO 27001 certification to make its banking activities even more secure for customers.

The standard is now one of a number of initiatives within Barclays Digital Banking, which include the award-winning PINsentry device and free security software.

Sean Gilchrist, Digital Banking Director, said: "Data security is constantly evolving and being awarded the new ISO certification shows Barclays is keeping on top of changes in the information technology sector. It is an absolute priority for us that our customers' details are safe and secure at all times."

To date, the largest data breaches include up to 130 million credit card numbers stolen from Heartland Payment System in 2008, which cost $140 million in total, and up to 100 million accounts stolen from retailer TJX in 2005 and 2006, for which costs soared to $256 million .

A costly element of the Heartland security breach was the impact of long-term reputational damage. In the days immediately following the breach, traffic to yasni.com – a popular people search tool commonly used for online reputation management – doubled as concern over identity theft spreads.

The situation for victims of corporate cybercrime has only worsened, as according to HP , the average cost of data breaches has risen by 56 per cent in 12 months.

Howard Kerr, Group Chief Executive, BSI said: “The increasingly important role of technology in the workplace and the challenging economic climate means that data security is no longer something that businesses can ignore. Boardrooms around the world are finally waking up to the extreme costs and reputational risk that can be caused by security breaches. The need for a standard that helps to prevent data leaks is now greater than ever.

“The implementation of ISO 27001 is impacting businesses around the world, and our research shows that the standard is bringing significant benefits to businesses. 87% of the survey respondents reveal that the implementation of the standard has either had a positive or very positive impact on their companies. In addition to a reduction in the level of risk, 82% of those surveyed note an increase in the quality control of information, while 44% reported an increase in sales and improvement in competitive advantage.”


BSI helps organisations reduce their information security risks. How?

BSI, the UK National Standards Body publishes:

BSI also provides a range of information security training courses, individual qualifications and delivers a leading assessment and certification service for ISO 27001.

 Your basket
Your basket is empty