The number of global organizations fully compliant with PCI DSS regulations has fallen for the second year in a row to just under 37%, according to a new report from Verizon.
The firm’s annual Payment Security Report (PSR) has tracked compliance levels for several years. This year’s was compiled from 302 PCI DSS engagements by Verizon Qualified Security Assessors (QSAs) with a range of organizations, including Fortune 500 and large multinationals firms, in over 60 countries.
The global compliance figure fell from 53% in last year’s report — a significant drop. APAC organizations appeared to be the best prepared, with 70% fully compliant. The figure fell to 48% in Europe and a disappointing 20% in the Americas.
Rodolphe Simonetti, global managing director for security consulting at Verizon, warned that while 2010-16 saw an increase in compliance levels, the trend is now reversing.
Featuring data from Verizon’s Threat Research Advisory Center (VTRAC), the report claimed that a compliance program without proper controls has a 95% chance of not being sustainable and is therefore a major target for attack.
“Many organizations spend a lot of time and money creating data protection compliance programs, but often these are ineffective — looking good on paper but not able to withstand the scrutiny of a professional security assessment,” Simonetti explained.
Leave a Reply
You must be logged in to post a comment.