Majority of companies are still failing to comply with PCI Data Security Standard reveals survey

UK lags behind US in achieving compliance as June 30th deadline looms

Munich, (PresseBox) - A recent survey conducted by NetIQ, an Attachmate business, has revealed that 88% of organisations are still not compliant with the Payment Card Industry's Data Security Standard DSS (PCI DSS), more than two years since it first became compulsory, and that the majority of respondents have no fixed timeframe for achieving compliance.

The research, carried out by NetIQ amongst 65 IT managers across Europe, reveals that while companies are working hard to meet the demands of the PCI DSS, the compliance requirements have proven much more difficult to meet than anticipated. Coming just weeks ahead of the June 30th deadline for PCI DSS 6.6 concerning security measures to protect web applications, the situation promises to become even more complex.

The findings reveal that 54% of respondents are unable to forecast when they will be fully compliant with the standard, which was originally introduced in January 2005 to help organisations enforce security management, policies, procedures, network architecture, software design and other critical protective measures. Only 12% of respondents were currently compliant and 17% of those that responded predicted that they would be compliant within six to twelve months.

The findings also show that European companies are some way behind their US counterparts in reaching compliance with 23% of participants in a similar survey of 300 US organisations stating that they are already PCI DSS compliant. However, as with Europe, a significant proportion of US organisations could not put a fixed date on completion with 44% still unsure of their timeline for becoming fully compliant.

The road to compliance is typically a long one, as 49% of those working toward compliance had been doing so for more than six months. This may be linked to the fact that 70% of respondents believe that the penalties for non-compliance will only occasionally be levied, and 23% believe that fines would 'almost never' be issued.

An overwhelming majority of respondents believe that the main threats to cardholder security now come from within the organisation, as 78% of respondents cited 'insiders with access to data' as the main threat ahead of 'external attackers' or 'business partners.'

Adam Evans, senior security specialist for NetIQ comments: "Although companies have been working hard to achieve the PCI standards, compliance obviously eludes the majority of them and for many proves a long and arduous struggle. Tools like ours exist to ease the burden and speed up the process. Compliance represents a significant long-term commitment of resources, although the cost of a security breach and the subsequent damage to an organisation's brand could be far greater - it's a risk that's not worth taking."

netIQ Deutschland GmbH

NetIQ, ein Geschäftsbereich von Attachmate, ist ein weltweit führender Anbieter von Lösungen für das Systems und Security Management. Mehr als 12.000 Kunden in über 60 Ländern setzen NetIQ Lösungen ein, die IT-Organisationen unterstützen, IT Services im gesamten Unternehmen zu verbessern, Kosten messbar zu senken und gleichzeitig die Effizienz zu steigern. Das Portfolio von NetIQ umfasst IT Process Automation, Systems Management, Security Management, Configuration Audit, Configuration Control und Enterprise Administration sowie Lösungen für Unified Communications. Weitere Informationen finden Sie unter

Press releases you might also be interested in

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.