13 March 2015

COMPLIANCE vs SECURITY: MUSINGS ON THE VERIZON PCI COMPLIANCE REPORT 2015

Well, it’s the start of all those analytical reports for 2015 and I’m glad that this one is out to give us an account of PCI across the world…
In this year’s report, which gives an account of breaches in 2014, we have a new addition on the analysis of the use of compensating controls and compliance sustainability… Interestingly, whilst compliance across the case load showed an increase of 80% for companies that validated compliance, it still represented only 20% of organisations assessed. Unfortunately, many fall out of compliance rather rapidly, with nearly a third of organisations falling out of compliance less than a year after successful validation… It’s the old potato again: those organisations that haven’t embedded security in their DNA will only ever treat it as a compliance exercise and forget about it until the next time an assessment is due…