More advanced cyber attacks like AI-driven attacks and IoT threats are affecting organisations globally. These consequences include financial loss, reputation damage, and business operations disruption. Information security management system (ISMS) like ISO27001 should be implemented to protect firms from cyber threats.