{"id":6872,"date":"2015-07-13T16:23:55","date_gmt":"2015-07-13T16:23:55","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/?p=6872"},"modified":"2025-07-10T17:17:52","modified_gmt":"2025-07-10T17:17:52","slug":"how-to-make-your-investment-in-iso-27001-profitable","status":"publish","type":"post","link":"https:\/\/advisera.com\/27001academy\/blog\/2015\/07\/13\/how-to-make-your-investment-in-iso-27001-profitable\/","title":{"rendered":"How to make your investment in ISO 27001 profitable"},"content":{"rendered":"

Nothing motivates executives more than profits; so, if you\u2019re proposing your ISO 27001<\/a> project to your top management, you should figure out how this project can increase the profit of your company. \u201cBut how?\u201d you may be wondering. \u201cProfit cannot be created with this kind of a project; there are only costs!\u201d<\/p>\n

Actually, you\u2019re wrong \u2013 ISO 27001 can have a positive financial impact on your company. Here\u2019s how.<\/p>\n

How is information security related to profits?<\/h2>\n

Profit can be created in two ways: (1) by increasing revenues, and (2) by decreasing costs. Let\u2019s examine both of these from an ISO 27001 perspective.<\/p>\n

Many companies are going for ISO 27001 certification because they need this certificate to get a new client through a tender, or because they want to convince their potential customers that they will safeguard their data in the best possible way. So, the point is \u2013 in many cases a company wouldn\u2019t get new clients if they didn\u2019t implement ISO 27001. Since every new client brings in additional revenue, the only question is whether this additional margin is higher than the investment in ISO 27001 \u2013 and it very often is.<\/p>\n

Further, the whole philosophy of ISO 27001 is preventive: the main idea is to prevent incidents from happening, or if they do happen, to decrease their impact to a minimum level. In other words, this means that the costs incurred because of incidents won\u2019t happen at all, or they will happen in a much smaller amount. Again, the question is whether this savings is bigger than the investment in ISO 27001 \u2013 and again, the answer is mainly yes.<\/p>\n

Of course, this doesn\u2019t mean you can afford to invest huge amounts of money in information security \u2013 you have to make sure you keep the ISO 27001 costs down, because otherwise it won\u2019t create the financial impact you wanted it to. See also:\u00a05 ways to avoid overhead with ISO 27001 (and keep the costs down).<\/a>
\n

<\/div>