New Study Finds PCI DSS Compliant Companies Suffer Fewer Data Breaches

Yet most practitioners don't believe PCI DSS has positive effect on information security, finds report from The Ponemon Institute & Imperva

News provided by

Imperva, Inc.

19 Apr, 2011, 03:00 ET

REDWOOD SHORES, Calif. and TRAVERSE CITY, Mich., April 19, 2011 /PRNewswire/ -- Imperva, the leader in data security, and the Ponemon Institute announced today the results of their second study on the impact of the Payment Card Industry's (PCI) Data Security Standards (DSS). The 2011 PCI DSS Compliance Trends Study surveyed 670 US and multinational IT security practitioners on how efforts to comply with PCI-DSS affect an organization's data protection and security. This year's report shows that while the majority of PCI compliant organizations suffer fewer or no breaches, most practitioners still do not perceive PCI-DSS to have a positive impact on data security.

Compliant Organizations Suffer Fewer Breaches

According to the study, 64 percent of PCI-DSS compliant organizations reported suffering no data breaches involving credit card data over the past two years, while only 38 percent of non-compliant organizations reported suffering no breaches involving credit card data over the same period. When it comes to overall data breaches (general incident or those involving credit card data), 63 percent of compliant organizations suffered no more than a single data breach, compared to 22 percent of non-compliant organizations. Notably, 26 percent of non-compliant organizations suffered more than five breaches over the same time period.

"At the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today and can significantly help companies improve their data security posture," says Amichai Shulman, co-founder and CTO of Imperva. "Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't, period."

PCI-DSS Perception is Cynical

Despite evidence to the contrary, the study also found that 88 percent of respondents did not support the claim that PCI-DSS compliance has a positive effect on the number of breaches experienced, and only 39 percent mentioned data security improvement as one of the regulation's value propositions for business. In fact, only 33 percent believe that PCI-DSS compliance expenditure is covered by the value it brings to organization.

"Looking at the figures regarding the actual decrease in data breaches and recent figures regarding the cost of data breaches, it seems that many practitioners have a much subverted perception of the value of PCI-DSS compliance," said Larry Ponemon, chairman and co-founder of the Ponemon Institute.

Nonetheless Compliance Is Increasing

This year's report also found that two-thirds of respondents have achieved substantial compliance with PCI-DSS. In the 2009 PCI DSS Compliance Trends Study, the number of respondents who'd achieved similar levels of compliance was only half, and roughly 25 percent of respondents in 2009 had not achieved any level of compliance. Only 16 percent of organizations surveyed in 2011 have not achieved any level of PCI-DSS by comparison.

"Over the past few years, most companies have matured in their understanding of the PCI mandate and have worked to meet strict compliance deadlines," continued Shulman. "We believe this is one of the primary reasons we've seen an overall increase in compliance and also, we believe, a decline in the number of credit card-related data breaches."

"In an era where governments are struggling with the creation of vague yet complex data protection acts, the credit card industry took a bold step towards regulating itself, using plain language, clear goals and a pragmatic focus," said University of Connecticut School of Business Professor Robert Bird. "PCI isn't perfect - but it succeeded by imposing security mandates and forcing attention on data security - all without government regulation."

For a full version of the 2011 PCI-DSS Compliance Trends Study, visit here.

About Imperva

Imperva is the global leader in data security. With more than 1,300 direct customers and 25,000 cloud customers, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

About The Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. Visit the Ponemon Institute at www.ponemon.org.

Media Contact
Katherine Nellums
415.321.2347
[email protected]

SOURCE Imperva, Inc.

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.