Interest in ISO 27001 soars after Optus and Medibank data breaches
Interest in ISO 27001 Information Security Management Systems (ISMS) certification has climbed more than 900% in the months following the Optus and Medibank data breaches, according to Australian-based Certification Body Southpac Certifications.
Southpac Certifications’ Business Development Manager, Jeremy Fisher, said the number of enquiries they’ve received for ISO 27001 has overtaken those for the more traditional standards for Quality, Safety and Environmental Management Systems certification – ISO 9001, ISO 45001 and ISO 14001 – in recent months.
“We were getting around 2 to 3 monthly enquiries for ISO 27001. Now, we are getting more than five enquiries a week,” he said. “These are businesses of all sizes – not just large corporations. Some are mum-and-dad operators of businesses with ten or fewer staff. They are seeing the landscape and understanding that their customers will be insisting on global best practices for data security.”
Benefits of ISO 27001
ISO 27001:2013 is the internationally recognised standard for organisations to manage the security of assets. These may include financial information, intellectual property, employee details or information entrusted by third parties. It is designed to increase an organisation’s resilience to cyber-attacks. In addition, it provides organisation-wide protection against technology-based risks and other threats.
“The supply chain is going to be the biggest growth driver for the development and certification of Information Security Management Systems,” said Mr Fisher. “We expect to see government in particular favouring companies that can prove in the tender process not just their commitment to data security but that they have the technical controls in place and are meeting the international standard.”
A Change in Priorities
Southpac Group CEO Andy Shone said there has been a clear shift in priorities for businesses looking ahead to 2023. This is most notable in the SME sector. “Since the first Optus breach was reported in September, we’ve not only seen the number of enquiries jump, but the speed at which businesses want their Information Security Management Systems implemented and certified,” he said.
“That has been a clear difference from how most businesses approach the traditional Quality, Safety and Environmental management systems standards.”
Only 28 Certification Bodies in Australia currently provide accredited certification to ISO 27001:2013. Southpac Certifications began adding ISO 27001 to its JAS-ANZ accredited schemes in 2022. The certification body is expected to have the standard on scope in the new year.