An effective cyber security program starts with a strategy and a foundation based on risks. One of the most frequently implemented frameworks used by businesses is ISO 27001, which defines requirements and approaches that organisations can adopt in order to manage information security risks.

PwC’s Auditor Training & Certification team recently held an information session for clients and staff around ISO 27001:2013, which was attended by a wide-ranging audience including CEOs, COOs and independent management systems auditors. We took the opportunity to conduct a short survey to find out how they approach the security of their organisations’ information assets.

The results of this survey of 70 guests were surprising. For example, when asked if they’d know if their information or data had been breached or hacked, 53% of respondents said they couldn’t be sure. Worryingly, more than half of those surveyed also said their business didn’t have an inventory of information security assets or, if they did, that it was rarely updated.

Managing security risks is more than just good business practice. Effective information governance means building the trust of your customers – and that, you’ll agree, is the foundation of any happy relationship.

Infographic: questions on ISO 27001

Follow PwC’s auditor training blog here.
