PCI Compliance May Mean Fewer Breaches, Study Says

Published: 22/11/2024   Category: security




But most professionals still don't think PCI has much of an impact on security, Ponemon/Imperva study says



PCI-compliant companies have fewer breaches, but most security pros still don't believe compliance has much positive impact on data security, according to a study released last week.
According to the 2011 PCI DSS Compliance Trends Study, conducted by the Ponemon Institute and sponsored by security vendor Imperva, 64 percent of organizations that comply with the Payment Card Industry Data Security Standards (PCI-DSS) reported suffering no data breaches involving credit card data during the past two years, while only 38 percent of noncompliant organizations reported suffering no breaches involving credit card data during the same period.
PCI-compliant companies also had fewer data breaches overall, even when credit card data wasn't involved. Sixty-three percent of compliant organizations suffered no more than one data breach, compared to 22 percent of noncompliant organizations. Notably, 26 percent of noncompliant organizations suffered more than five breaches during the same time period.
"At the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today and can significantly help companies improve their data security posture," says Amichai Shulman, co-founder and CTO of Imperva, in a statement following the study's release. "Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't, period."
However, the study also found that 88 percent of respondents did not support the claim that PCI-DSS compliance has a positive effect on the number of breaches experienced, and only 39 percent mentioned data security improvement as one of the regulation’s value propositions for business. In fact, only 33 percent believe that PCI-DSS compliance expenditure is covered by the value it brings to an organization.
The study found that two-thirds of respondents have achieved substantial compliance with PCI-DSS. In the 2009 PCI DSS Compliance Trends Study, the number of respondents who’d achieved similar levels of compliance was only half, and roughly 25 percent of respondents in 2009 had not achieved any level of compliance. Only 16 percent of organizations surveyed in 2011 have not achieved any level of PCI-DSS, the report states.
