
"Bend but don't break": cyber resilience with ISO 27001

Cyber attacks are one of the main risks for data-processing companies today due to advancing digitalization. Added to this is the increasing complexity in a networked value chain. Systems are becoming more vulnerable to human and technical errors.

Industrial espionage, extortion through ransomware, and identity-based attacks (stolen credentials, phishing and social engineering) are, by broad consensus, the biggest threats. Cyber attacks thus have a direct impact on the availability of business processes.

According to the World Economic Forum's (WEF) Global Security Outlook 2023, 91% of respondents said they believe a widespread and catastrophic cyber event is very likely in the next two years. The question is no longer whether a company will be "hacked," but when and how quickly it can respond to an attack.

Cyber resilience is the ability of an organization to continue business operations in a controlled manner while under cyber attack, and to recover from the attack as quickly as possible.

Companies around the world have responded to the growing threat environment by increasingly adopting a certified information security management system (ISMS). The internationally recognized ISO standard ISO/IEC 27001 evolved in 2022 to address global IT security challenges and improve digital trust. ISO standard 27001 governs the fundamentals of information security and is designed to ensure the confidentiality, integrity and availability of information.

To protect critical data assets from digital threats, organizations are encouraged to think about potential threats and risks early on. The process of ISO certification helps to introduce organizational and technical measures that identify potential threats and risks in good time, develop measures to minimize or eliminate those risks, and set up a control system to monitor compliance with the security measures. This raises IT security and, with it, the company's resilience against cyber attacks.

Appointing a security officer can ensure that implemented measures are reviewed and risk assessments are kept current at regular intervals. In the context of cyber resilience, several areas of the company work together: Information Security, IT Security, IT Operations, Business Continuity Management, and company management in its governance role. The diagram shows a schematic representation (the list is not exhaustive).

[Diagram: Various terms in the area of IT security. Source: ISO Org]

Finally, a statement from Andreas Wolf, responsible for the ISO/IEC IT security standards expert group: "In the digital economy, the ability to overcome cyber attacks is what distinguishes market leaders. Companies that turn vulnerabilities into strengths will have the confidence to take healthy risks."
