Interest in ISO 27001 soars after Optus and Medibank data breaches
Interest in ISO 27001 Information Security Management Systems (ISMS) certification has climbed more than 900% in the months following the Optus and Medibank data breaches, according to Australia-based Certification Body Southpac Certifications.
Southpac Certifications’ Business Development Manager, Jeremy Fisher, said the number of enquiries they’ve received for ISO 27001 has overtaken the more traditional standards for Quality, Safety and Environmental Management Systems certification – ISO 9001, ISO 45001 and ISO 14001 – in recent months.
“We were getting around 2 to 3 enquiries a month for ISO 27001, now we are getting more than 5 enquiries a week,” he said. “These are businesses of all sizes – not just large corporations. Some of these are mum and dad operators – businesses of 10 or less staff – that are seeing the landscape and understanding that their customers are going to be insisting on global best practice for data security.”
ISO 27001:2013 is the internationally recognised standard for organisations to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties. It is designed to increase an organisation’s resilience to cyber-attacks, and provides organisation-wide protection against technology-based risks and other threats.
“The supply chain is going to be the biggest driver of growth for the development and certification of Information Security Management Systems,” said Mr Fisher. “We expect to see government in particular favouring companies that can prove in the tender process not just their commitment to data security but that they actually have the technical controls in place and are meeting the international standard.”
Southpac Group CEO Andy Shone said there has been a clear shift in priorities for businesses looking ahead to 2023, most notably in the SME sector. “Since the first Optus breach was reported in September, we’ve not only seen the number of enquiries jump, but the speed at which businesses want their Information Security Management Systems implemented and certified,” he said.
“That has been a clear difference from the way most businesses approach the traditional Quality, Safety and Environmental management systems standards.”
Only 28 Certification Bodies in Australia currently provide accredited certification to ISO 27001:2013. Southpac Certifications began the process of adding ISO 27001 to its JAS-ANZ accredited schemes earlier in 2022 and is expected to have it on scope in the new year.