Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI compliant:
Excerpt from the above-linked article: “The study found that in 2010, 99% of compliant organisations suffered no more than a single credit card related breach compared with 85% of non-compliant organisations, while 64% of compliant organisations had no breach at all compared with 38% of non-compliant organisations.
Only 1% of compliant organisations suffered more than one breach related to credit card data compared with 15% of non-compliant organisations, and 63% of compliant organisations suffered no more than a single breach overall compared with 22% of non-compliant, according to the 2011 PCI DSS Compliance Trends Study.”
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services
HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on information security and conducts PCI preparedness assessment, scoping, remediation, validation, and compliance maintenance services throughout the US.