DNV says information security is now a business risk

DNV says information security has moved beyond IT and into enterprise risk as cloud use, remote work and connected supply chains expand exposure. The company is publishing educational resources and hosting a webinar to help organizations understand ISO/IEC 27001 and strengthen trust with customers and suppliers.

Why it matters: - Information security now affects business continuity, customer confidence and supply chain resilience, not just IT operations. - Organizations face broader risk as information moves among suppliers, contractors, customers and service providers. - Companies that build structured information security programs are better positioned to meet customer expectations and changing regulatory demands.

What happened: - DNV said organizations need a more formal approach to identify, manage and reduce information security risk. - Emily Delisle, Managing Director, Business Assurance, Region North America, said information security requires leadership commitment, governance, continual improvement and a structured risk approach. - DNV developed educational resources to help organizations assess information security management and improvement opportunities. - DNV is hosting a webinar titled “Protecting Information. Building Trust. An Introduction to ISO/IEC 27001 Certification.”

The details: - DNV’s new resources include “Building Competence for Information Security Expectations,” “Information Security in a Connected Digital Environment” and “The Information Security Management System Road to Success.” - The webinar will cover Information Security Management Systems, the basics of ISO/IEC 27001 and how organizations can strengthen information security. - The webinar is also intended to help companies build trust with customers, suppliers and other stakeholders. - More information is available in DNV’s information security resources.

Between the lines: - The push reflects a shift from treating cybersecurity as a technical function to treating it as a governance and business risk issue. - DNV is positioning ISO/IEC 27001 as a practical framework for organizations that need to prove security discipline to outside stakeholders. - The emphasis on supply chains suggests information security is now being evaluated across business ecosystems, not only inside company walls.

What's next: - Organizations can use DNV’s materials and webinar to learn more about ISO/IEC 27001 certification and information security management systems. - The broader expectation is that more companies will formalize governance, risk management and continual improvement around information security.

The bottom line: - Information security is becoming a board-level business issue, and DNV is betting that education plus ISO/IEC 27001 can help companies build trust while reducing risk.