In 2013, more than 82 percent of organizations were compliant with at least 80 percent of the PCI standard at the time of their annual baseline assessment, compared with 32 percent in 2012, said a Verizon report.
However, many businesses fail to maintain ongoing compliance after their annual assessment against the Payment Card Industry Data Security Standard. This puts them at increased risk of data breaches and of financial and reputational damage, said the Verizon 2014 PCI Compliance Report.
According to the report, in most cases payment card data breaches are not a failure of security technology or of compliance with the Payment Card Industry Data Security Standard, but rather a failure to implement the required compliance and security measures as intended.
“We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus,” said Rodolphe Simonetti, managing director, PCI practice, Verizon Enterprise Solutions.
There were also regional differences, attributed to breach notification laws, varying legal requirements and differing levels of adoption. The Asia-Pacific region took the top spot (75 percent) for meeting at least 80 percent of the PCI requirements, followed by the U.S. with 56 percent and Europe with 31 percent.
Areas where businesses struggle the most in achieving initial compliance include: security testing (23.8 percent); security monitoring and the ability to effectively detect and respond to data compromises (17 percent); and protecting stored sensitive data (55.6 percent).