
The Security Iceberg That Could Sink Your Company

The cost of security

One of the oft-cited objections to putting an effective information security management system (such as that defined in the ISO27001 standard) in place is that of cost. The people cost money, the tools cost money, the internal and external auditors cost money and as for management time, well time is money after all. And often the benefits of security are hard to define, mainly because you don’t know how big a risk it is to not have any in the first place.

Yes, there are reports and surveys that claim to show the true scale of the problem of cyber-crime but, well they’re written by people who want to sell you their products aren’t they, so can you really trust them? The answer is probably no, but that doesn’t mean they’re wrong.

Let me explain….

The Hidden Cyber-Crime

Let’s think for a minute about the whole area of cyber-crime.

You have some assets in your company which are stored on one or more computers. These assets are worth a lot to you – they could be customer records, product secrets, HR information, financial data etc. and without them you would have a serious problem running your business. Not only that, but the assets may include some things that you don’t want anyone else to know; the information could be useful to a competitor or it could be stuff that would be embarrassing if it leaked on the Internet and became public knowledge.

Now let’s add to this picture the fact that most hacks nowadays don’t advertise their presence; gone are the days when a skull would flash up on screen saying “you’ve been hacked!”. No, it’s likely that if you have been hacked you probably don’t know it. The first you might know is when the hacker uses the information they have stolen for a purpose such as extortion or embarrassment.

Let’s say you get lucky and you find out that someone has accessed your systems illegally. Would you know what they have taken? Possibly not and you may have to assume the worst case. Can you track them down and get them arrested? Well, even if you were to prioritise forensic examination over fixing the problem as quickly as possible, the chances of the trail leading to the right person are quite frankly remote.

So no justice there.

The iceberg

Then there’s the question of whether you tell anyone. This is where reputation comes in. The harsh truth about the consequences of a loss of reputation after a successful hack (or even an unsuccessful one) is that it will probably sink you. Think about how you would react if you found out that a company you dealt with had lost your data; you would probably look elsewhere to meet your needs, particularly if similar suppliers are plentiful and competition is fierce.

A company that suffers such a public breach might survive if they are big enough and have sufficient reserves…just. But how many smaller companies would make it past the sudden lack of customers? The sad fact is that, once lost, trust is a very hard thing to regain. In most countries today there’s no legal obligation (yet) to report breaches of security to the authorities. Let’s face it, you’re probably not going to tell anyone.

So in essence:

  1. Many organizations have no idea they’ve been hacked
  2. If they think they have, most can’t tell what’s been taken
  3. The chances of finding the culprits are slim to zero
  4. Telling anyone about it is business suicide




In terms of risk what we have is an iceberg – an increasingly large visible top of public security breaches with a potentially massive hidden expanse below the water. How big an expanse? No-one knows. And in terms of impact we have an almost Armageddon scenario where a loss of trust sends your business under at a rate of knots. That’s the kind of risk I would take seriously. So yes, good security is a cost. But bad security is so much more expensive.

The ISO27001 standard

The ISO27001 standard gives you the tools to assess and manage your risk so that the chances of your company hitting the iceberg are reduced.

And the CertiKit ISO27001 Toolkit gets you to ISO27001….fast.
