Key findings include:
- Only 27.9 percent of global organizations were able to maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS)
- Staggering 27.5 percentage point drop in compliance since 2016 as reported in the 2017 PSR
- Lack of long-term strategies and leadership commitment cited as root cause
- 10th anniversary edition of the Verizon Business Payment Security Report
Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with 9 out of 10 data breaches being financially motivated, as highlighted by the recent
The 2020 PSR found that on average only 27.9 percent of global organizations maintained full compliance with the PCI DSS, which was developed to help businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. More concerning, this is the third successive year that a decline in compliance has occurred with a 27.5 percentage point drop since compliance peaked in 2016 (as seen in the 2017 PSR).
“Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, President, Global Enterprise,
Additional findings within the 2020 PSR shine a spotlight on security testing, where only a little more than half of the organizations (51.9 percent) successfully test security systems and processes, and on unmonitored system access, where approximately two-thirds of all businesses track and monitor access to business-critical systems adequately. In addition, only 7 out of 10 financial institutions (70.6 percent) maintain essential perimeter security controls.
“This report is a welcome wake-up call to organizations that strong leadership is required to address failures to adequately manage payment security. The
Lack of compliance impacts all businesses regardless of size
Small and medium-sized businesses (SMBs) were flagged as having their own unique struggles with securing payment data. While smaller businesses generally have less card data to process and store than larger businesses, they have fewer resources and smaller budgets for security, which limits what is available to maintain compliance with PCI DSS. These smaller organizations often perceive the measures needed to protect sensitive payment card data as too time-consuming and costly, but as the likelihood of a data breach for SMBs remains high, it is imperative that PCI DSS compliance is maintained.
The ongoing CISO challenge
The report also explores the challenges CISOs face in designing, implementing and maintaining an effective and sustainable security strategy, and how these can ultimately contribute to the breakdown of compliance and data security management. These problems were not found to be technological in nature, but the result of organizational weaknesses that could be resolved by more mature management skills, including creating formalized processes, building a business model for security, and defining a sound security strategy with operating models and frameworks.
About the
Verizon has published the Payment Security Report (PSR) since 2010, the first-ever study on the actual value and performance of the Payment Card Industry Data Security Standard (PCI DSS). The report is based on global data gathered by PCI DSS qualified security assessors (QSAs) from Verizon and five other external contributors.
More information on how
Source:
2020 GlobeNewswire, Inc., source