In a recent survey conducted by the Ponemon Institute, and supported by the security firm Imperva, it was found that 71% of the firms interviewed don’t view the Payment Card Industry Data Security Standard (PCI DSS) as a strategic initiative for their organization(s).
The data in this report states at least the following reasons for the lack of strategic importance linked to PCI DSS: (1) its hard work and requires constant monitoring and maintenance, (2) there is the perception that good security does not increase market share — i.e. consumers do not reward companies when nothing bad happens, and (3) most companies reported that they don’t believe the worst will happen to them — and — even if it does, they anticipate being able to handle the cost of the breach and move on.
Another observations was that 79% of this very same group has experienced a data breach that involved the loss or theft of credit card information.
The data in this report also hints that to incur the cost of a breach is cheaper than paying for what it takes to protect the systems and data.
George Hulme wrote about more details of this report’s findings in an article posted on the InformationWeek’s Security Weblog — which you can read by clicking here.
You can also access this free report by registering at the following website:
