Small and medium sized businesses can face costs of up to £65,000 as the result of a severe security breach, according to the most recent Information Security Breaches Survey by the Department for Business, Innovation and Skills.
The survey shows that 78% of large organisations were attacked by an unauthorised outsider in the last year and that smaller businesses, “which used not to be a target, are now also coming under increasing attack”.
The average cost of the worst security breaches is £35,000 to £65,000 for smaller organisations, and £450,000 to £850,000 for larger organisations.
Featured Download: CISO Data Breach Guide
“Many businesses would claim that information is their most valuable asset, yet they do not develop a culture that gives priority to keeping information secure,” says Richard Skipsey of SGS United Kingdom Ltd. “Effective information security must be championed, funded and managed from the top down. It needs to be implemented as part of an overall business strategy, not in isolation.”
Acknowledging this, SGS just recently updated its free booklet “Issues To Be Considered When Establishing an Information Security Management System”, a resource designed to help companies that are aiming for compliance with ISO 27001:2013. To download the booklet, go to www.sgs.co.uk/ISO27001booklet.
“Even if an organisation does not want to commit to attaining the standard – although more and more businesses and government bodies are making it a requirement in suppliers’ tender documents – the booklet helps owners and senior managers clarify where they might be vulnerable in losing information,” says Mr Skipsey,
He emphasizes that the strategy must include all information that is valuable to an organisation – from research and design prototypes to forecasts and negotiating positions. It is also not limited to online activity; it includes paper records, images and even conversations.
Mr Skipsey is Global Product Manager – ISO 27001 and ISO 22301 at SGS, the world’s leading inspection, verification, certification, testing and training organisation. SGS has recently been accredited by UKAS to assess ISO/IEC 27001:2013.
The information security booklet has been updated to reflect the changes since the initial standard ISO 27001 was established in 2005. Mr Skipsey welcomes the fact that the importance of management commitment, along with effective measurement, is being given more prominence in the revised standard.
About SGS
SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognised as the global benchmark for quality and integrity. With more than 80,000 employees, SGS operates a network of over 1,650 offices and laboratories around the world.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.