Imperva/Ponemon report gives thumbs down to PCI DSS governance

19 April 2011

Research released today claims to show that, despite the majority of IT professionals having to abide by the PCI DSS rules, most of them do not perceive the standard – imposed to varying degrees on all firms processing card payments – as having a positive effect on data security.

The report, sponsored by Imperva and carried out by the Ponemon Institute, took in responses from more than 670 IT professionals on both sides of the Atlantic and looked at how their efforts to comply with the standards affect their company's data protection and security.

The analysis found that 64% of PCI-DSS compliant organisations reported suffering no data breaches involving credit card data in the past two years.

At the same time, researchers found that only 38% of non-compliant businesses reported suffering no data breaches involving credit card data in the past two years.

Revealingly, Infosecurity notes, 88% of respondents did not support the claim that PCI-DSS compliance has a positive effect on the number of breaches experienced.

The second annual study from Imperva, entitled the 2011 PCI DSS Compliance Trends Study, surveyed both US and multinational IT security professionals and found that 26% of non-compliant organisations suffered more than five breaches during the last year.

Delving into the report reveals that only 33% of respondents believe that PCI DSS compliance expenditure is covered by the value that it brings the organisation.

Commenting on the report's findings, Amichai Shulman, Imperva's CTO, said: "At the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today."

It can, he added, significantly help companies improve their data security posture.

"Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't, period", he noted.

Over at the Ponemon Institute, Larry Ponemon, the research firm's chairman, said that looking at the figures regarding the actual decrease in data breaches – and recent figures regarding the cost of data breaches – it seems that many practitioners have a subverted perception of the value of PCI-DSS compliance.

This observation was echoed by Shulman, who said that, over the past few years, most companies have matured in their understanding of the PCI mandate and have worked to meet strict compliance deadlines.

"We believe this is one of the primary reasons we've seen an overall increase in compliance and also, we believe, a decline in the number of credit card-related data breaches", he said.
