Businesses can no longer disregard data security. Cyberattacks have targeted organisations across sizes and sectors, from Fortune 5 companies to local governments. The criminals behind these attacks range from lone operators armed with pre-written scripts to wide-reaching organisations wielding unlimited resources, so understanding what the ISO 27001 certification means for your data security is more important than ever.
What is a data security framework, and why does it matter?
The threat of cybercrime has risen over the past twenty years. But in the wake of Covid, today’s organisations face a unique set of challenges as more professionals work remotely than ever before. As businesses and non-profits alike have raced to digitise operations, and even cloud-sceptical executives have flocked to the cloud, data security has never meant more to organisations or to the cybercriminals that prey on them.
In a world of heightened cyber risk, finance software vendors need to prove that they can protect their customers. Whether software is true cloud or on-premise, today’s providers have looked to various frameworks and cybersecurity standards: NIST CSF, COBIT 5, SOC 1 and 2, PCI DSS, CIS, ISO 27001, and more.
Why exactly should I care about a data breach?
For criminal hackers, reward almost always surpasses risk. A hacker is far less likely to get caught than to secure a payout.
But hackers only account for one dimension of cyber-threat. Remote workflows expose businesses to danger from inside and out. Whether by clicking on a phishing email or accidentally publishing a dataset, an organisation’s own employees can create catastrophic breaches.
And to call breaches or other security incidents catastrophic is no exaggeration. The Ponemon Institute put the average cost of a UK data breach in 2020 at £2.8 million. A globally distributed enterprise can face much higher losses. Demant, a Danish hearing aid manufacturer that suffered a ransomware attack in 2019, lost between £60 million and £70 million in recovery and mitigation costs. The aftermath affected a global network, from Poland to Mexico, including the company-wide ERP system.
So which data security standard should I trust?
In one sense, every organisation must determine the appropriate data security framework for its own business. But not all frameworks are created equal, and few are configured for your business. Most frameworks have been designed to benefit either specific industries or the creators of the frameworks themselves.
Cue ISO 27001. Unlike every other framework, ISO 27001 is not a stand-alone system. Instead, it is a ‘system’ made up of more than 21,580 standards developed by nearly 800 technical bodies. Bestowed by UKAS, the world’s leading accreditation body, the ISO 27001 framework governs members in over 160 countries. No organisation can acquire the ISO 27001 certification without meeting the highest data security standards in both a rigorous initial audit and consistent follow-up audits.
As part of the ISO 27001 family, Xledger is proud to make your data our priority. Our certification merely recognises what we have always done: empower customers with the market’s most advanced cloud-based finance software. Trusted by global audit firms BDO and PwC, Xledger serves over 10,000 customers across more than 60 countries.