
ISO 27001 does not stop breaches. That was never its job.
ISO 27001 does not stop breaches; it is a management system for risk decisions and faster recovery. Certification fails when UK SMEs perform compliance theatre instead of practicing real security.