Survey Finds 83% Believe Business More Secure due to PCI DSS

More than four out of five (83%) of businesses believe their organisation is more or significantly more secure due to Payment Card Industry Data Security Standard (PCI DSS), according to the fifth annual survey of PCI DSS compliance and awareness from The Logic Group. The survey results reveal a growing trend toward adoption of the standard by card security professionals and that the standard is achieving its objectives.

In the 2008 PCI DSS survey, The Logic Group found that 15% of respondents said they were fully compliant with the standard. This year, that proportion has grown to 25%. It also appears that retailers and businesses that hold card data on consumers are increasingly convinced of the benefits to PCI DSS compliance; in 2005 – when The Logic Group first conducted this survey – more than 30% of respondents expressed doubt concerning the benefits of compliance. This figure has dropped down to just 12% in 2009, while a further 88% of respondents stated that they perceive some benefit.

However, although increasing numbers are embracing the broader benefits of PCI DSS, many are under-estimating the amount of time it will take to achieve compliance. At the beginning of 2008, 71% of respondents said they were either already compliant or expected to be compliant within 12 months; one year later and the figure to have successfully achieved full compliance stands at 25%.

Gareth Wokes, chairman, The Logic Group, said: “It’s encouraging to see that so many businesses see the benefits of working towards the standard. However the survey identified a growing disconnect between the time attributed to addressing the problem and the actual scope of the task. It is vital therefore that communication from the acquiring banks and card schemes is at a consistently high level to ensure that all parties remain engaged in the process.”

The survey also discovered that organisations, although more attuned to the benefits than ever before, are almost unanimous (98%) in their belief that greater focus should be placed upon improving security not just achieving compliance for the sake of it.

“The objectives of PCI DSS have always been to make card holder data more secure – the benefits of which for businesses are myriad. It is great to see that such a significant percentage of businesses believe the security of their operations has been enhanced by the standard,” said Bob Russo, general manager of the PCI Security Standards Council. “I’m also encouraged to see respondents to The Logic Group’s survey are starting to think ‘security first, compliance follows’.”


Related reading