Many of us in IT Security support the best practices outlined in the PCI DSS, but still have a hard time obtaining the executive-level sponsorship needed for a really successful PCI compliance program… A recent study by Imperva and the Ponemon Institute produced some results that may help you make your case for the importance of being PCI compliant:
Excerpt from the above-linked article: “The study found that in 2010, 99% of compliant organisations suffered no more than a single credit card related breach compared with 85% of non-compliant organisations, while 64% of compliant organisations had no breach at all compared with 38% of non-compliant organisations.
Only 1% of compliant organisations suffered more than one breach related to credit card data compared with 15% of non-compliant organisations, and 63% of compliant organisations suffered no more than a single breach overall compared with 22% of non-compliant, according to the 2011 PCI DSS Compliance Trends Study.”
Jeremy Simon, PCI QSA, CISSP, CISA
Practice Lead, PCI Compliance Services