Lately, ISO 27001 has been in the news more often than usual. Some newsworthy breaches have occurred, or have been reported to have occurred, at companies that were ISO 27001 certified. Companies compliant with other standards have also been victimized. Are these cybersecurity controls really worth it?
Sometimes a car is due to be inspected, often to make sure it meets environmental standards. It gets a clean bill of health following a thorough inspection. Everything is working as it should and the car seems to be in the best shape of its life.
The next day, something goes wrong with the car and there is a serious problem. Was the inspection faulty?
While there is a slight chance the inspector missed something (for now, we are only human), the more likely explanation is that the car was in perfect health at the time of the check-up, and then the next day that was no longer true. It’s just bad luck.
Assessments against cybersecurity standards work much the same way. As the auditor checks your cybersecurity ecosystem, he or she may find nothing wrong, and your company will pass with flying colors. The next day, a hacker could launch an attack that goes undetected by every testing mechanism in the arsenal. The standard did not fail, and the company met all controls.
None of the cybersecurity standards circulating today promise total cybersecurity for a business. That would be virtually impossible, especially given how sophisticated malicious players are today. Even so, there are still numerous benefits tied to achieving ISO 27001 certification or other standard compliance. Among these are:
Companies thinking about investing in a cybersecurity insurance policy or in achieving a cybersecurity standard still may experience a cyber incident. In fact, many cybersecurity experts now say most companies will experience at least one attack. This does not negate the value of auditors or the standards they assess. It simply is a sign of the times.
Founded in 1925 and headquartered in Akron, Ohio, Smithers is a multinational provider of testing, consulting, information, and compliance services. With laboratories and operations in North America, Europe, and Asia, Smithers supports customers in the transportation, life science, packaging, materials, components, consumer, cannabis, dry commodities, and energy industries. Smithers delivers accurate data, on time, with high touch, by integrating science, technology, and business expertise, so customers can innovate with confidence. Smithers is an authorized C3PAO and can be found on the CyberAB Marketplace.