Findings from the Verizon 2017 Payment Security Report demonstrate a link between organizations being compliant with the Payment Card Industry Data Security Standard and their ability to defend themselves against cyberattacks, according to a press release.
Across all the payment card data breaches Verizon investigated, no organization was fully compliant at the time of the breach, and the breached organizations showed lower compliance with 10 out of the 12 PCI DSS key requirements.
Overall PCI compliance has increased among global businesses, with 55.4 percent of organizations Verizon assessed passing their interim assessment in 2016. This is an increase from 2015, when only 48.4 percent of organizations achieved full compliance during their interim validation.
This means that nearly half of retailers, restaurants, hotels and other businesses that take card payments are still failing to maintain compliance from year to year.
“There is a clear link between PCI DSS compliance and an organization’s ability to defend itself against cyberattacks,” Rodolphe Simonetti, global managing director for security consulting for Verizon, said in the release. “While it is good to see PCI compliance increasing, the fact remains that over 40 percent of the global organizations we assessed — large and small — are still not meeting PCI DSS compliance standards. Of those that pass validation, nearly half fall out of compliance within a year — and many much sooner.”