In this paper we examine the adequacy of IS security standards to the needs of SMEs. Using the findings of literature review, we identify general criticism for the security standards. Further, we benchmark the recently published ISO 27001 IS security standard to ISO 9000 standard – a similar standard with a 20 years history – to develop expectations of how the future adoption of the recently introduced ISO 27001 standard can be fostered. We suggest, among other, that the legislative environment can play a crucial role for further growth of security standards adoption.