Imperva/Ponemon report gives thumbs down to PCI DSS governance

19 April 2011

Research released today claims to show that, although the majority of IT professionals have to abide by the PCI DSS rules, most of them do not perceive the standard, which is imposed to varying degrees on all firms processing card payments, as having a positive effect on data security.

The report, sponsored by Imperva and carried out by the Ponemon Institute, took in responses from more than 670 IT professionals on both sides of the Atlantic and looked at how their efforts to comply with the standards affect their company's data protection and security.

The analysis found that 64% of PCI-DSS compliant organisations reported suffering no data breaches involving credit card data in the past two years.

At the same time, researchers found that only 38% of non-compliant businesses reported suffering no data breaches involving credit card data in the past two years.

Revealingly, Infosecurity notes, 88% of respondents did not support the claim that PCI-DSS compliance has a positive effect on the number of breaches experienced.

This is the second annual study from Imperva, entitled the 2011 PCI DSS Compliance Trends Study. It surveyed both US and multinational IT security professionals and found that 26% of non-compliant organisations suffered more than five breaches during the last year.

Delving into the report reveals that only 33% of respondents believe that PCI DSS compliance expenditure is covered by the value that it brings the organisation.

Commenting on the report's findings, Amichai Shulman, Imperva's CTO, said that, at the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today.

It can, he added, significantly help companies improve their data security posture.

"Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't, period", he noted.

Over at the Ponemon Institute, Larry Ponemon, the research firm's chairman, said that looking at the figures regarding the actual decrease in data breaches – and recent figures regarding the cost of data breaches – it seems that many practitioners have a subverted perception of the value of PCI-DSS compliance.

This observation was echoed by Shulman, who said that, over the past few years, most companies have matured in their understanding of the PCI mandate and have worked to meet strict compliance deadlines.

"We believe this is one of the primary reasons we've seen an overall increase in compliance and also, we believe, a decline in the number of credit card-related data breaches", he said.
