The ever-increasing digital economy and rapid development practices, coupled with the ability to deliver large-scale enterprise networks through cloud computing, have all contributed to the increase in successful start-ups, often leading to a lucrative acquisition of a company or the company being listed on the stock exchange.
Whilst technology advancements have supported high levels of innovation across businesses, there are also challenges in meeting the increasing legal and regulatory demands, which are also evolving in line with the technology developments of the last decade.
When we consider the amount of business activity performed online, it is no surprise when the words “ISO 27001:2013 Certified, PSN Certified, PCI DSS Certified” are included in procurement documentation or supplier due diligence activity. Many organisations that are procuring services now recognise the importance of the supplier having, and being able to demonstrate, adequate levels of security controls and management oversight. This is nothing new. Security requirements have been included in contracts and tenders for many years, and there are a number of businesses making the move towards improving their security posture, often in order to enhance business growth opportunities, provide client assurance and improve security, and (in my view) typically in that order of priority.
However, having a good level of security, underpinned and validated by industry certifications such as ISO 27001, can also make an organisation more appealing for acquisition and is an important part of the governance prior to listing on the stock market. It can also contribute to mitigating the risk of a data breach, which, as previous security incidents have shown, can have a significant detrimental impact on a company’s share price.
For example, according to The Guardian, despite TalkTalk tripling its pre-tax profits, it saw its share price fall 5%. This fall was attributed to the TalkTalk security incident, in which the personal details of more than 150,000 individual accounts were compromised. Some other worrying statistics were that, overall, TalkTalk’s share price has decreased by 20% since the breach and that it lost thousands of customers. There are many more stories of a similar nature, as I am sure you will be aware.
Although implementing a recognised industry security framework such as ISO 27001:2013 does not guarantee 100% safety from a security breach, it does mean your company is better placed to manage such a breach and limit the impact to your business. It also means you can demonstrate to your customers that you are committed to safeguarding their information through the services you deliver. Being able to demonstrate your commitment to managing information security can potentially open up new business markets and opportunities to you, as well as increase your company’s value. So why wouldn’t you implement it?
Using a reputable security partner such as Bridewell will ensure that you have an expert provider to guide you on this journey. We specialise in implementing an array of information security standards and have developed our own specific methodologies that deliver excellent value to our clients and have been subject to a number of formal certification processes.
Our professional services not only focus on security compliance implementations, but also offer a comprehensive range of managed security solutions. We use industry-leading software coupled with our expert employees to manage customers’ technical security solutions such as Security Information and Event Management (SIEM) and Continuous Vulnerability Assessments. This is also supported by our expert ISO 27001 consultants and security testers, who can perform real-life testing scenarios on your company to provide you with a level of assurance that your systems and data are adequately protected.