Some companies may falsely believe that they don’t need a formal ISMS because they already have certain controls in place or are deploying modern technology to protect themselves from cyber attacks. However, the benefits of implementing an ISO 27001-compliant ISMS are far greater than many people perceive or realise. An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture.