Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Imperva/Ponemon report gives thumbs down to PCI DSS governance

The report, sponsored by Imperva and carried out by the Ponemon Institute, took in responses from more than 670 IT professionals on both sides of the Atlantic and looked at how their efforts to comply with the standards affect their company's data protection and security.

The analysis found that 64% of PCI-DSS compliant organisations reported suffering no data breaches involving credit card data in the past two years.

At the same time, researchers found that only 38% of non-compliant businesses reported suffering no data breaches involving credit card data in the past two years.

Revealingly, Infosecurity notes, 88% of respondents did not support the claim that PCI-DSS compliance has a positive effect on the number of breaches experienced.

This, the second annual study from Imperva – and entitled the 2011 PCI DSS Compliance Trends Study – surveyed both US and multinational IT security professionals and found that 26% of non-compliant organisations suffered more than five breaches during the last year.

Delving into the report reveals that only 33% of respondents believe that PCI DSS compliance expenditure is covered by the value that it brings the organisation.

Commenting on the report's findings, Amichai Shulman, Imperva's CTO, said that, at the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today.

It can, he added, significantly help companies improve their data security posture.

"Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't, period", he noted.

Over at the Ponemon Institute, Larry Ponemon, the research firm's chairman, said that looking at the figures regarding the actual decrease in data breaches – and recent figures regarding the cost of data breaches – it seems that many practitioners have a subverted perception of the value of PCI-DSS compliance.

This observation was echoed by Shulman, who said that, over the past few years, most companies have matured in their understanding of the PCI mandate and have worked to meet strict compliance deadlines.

"We believe this is one of the primary reasons we've seen an overall increase in compliance and also, we believe, a decline in the number of credit card-related data breaches", he said.

What’s Hot on Infosecurity Magazine?