Majority of companies are still failing to comply with PCI Data Security Standard reveals survey
UK lags behind US in achieving compliance as June 30th deadline looms
The research, carried out by NetIQ amongst 65 IT managers across Europe, reveals that while companies are working hard to meet the demands of the PCI DSS, the compliance requirements have proven much more difficult to meet than anticipated. Coming just weeks ahead of the June 30th deadline for PCI DSS 6.6 concerning security measures to protect web applications, the situation promises to become even more complex.
The findings reveal that 54% of respondents are unable to forecast when they will be fully compliant with the standard, which was originally introduced in January 2005 to help organisations enforce security management, policies, procedures, network architecture, software design and other critical protective measures. Only 12% of respondents were currently compliant and 17% of those that responded predicted that they would be compliant within six to twelve months.
The findings also show that European companies are some way behind their US counterparts in reaching compliance with 23% of participants in a similar survey of 300 US organisations stating that they are already PCI DSS compliant. However, as with Europe, a significant proportion of US organisations could not put a fixed date on completion with 44% still unsure of their timeline for becoming fully compliant.
The road to compliance is typically a long one, as 49% of those working toward compliance had been doing so for more than six months. This may be linked to the fact that 70% of respondents believe that the penalties for non-compliance will only occasionally be levied, and 23% believe that fines would 'almost never' be issued.
An overwhelming majority of respondents believe that the main threats to cardholder security now come from within the organisation, as 78% of respondents cited 'insiders with access to data' as the main threat ahead of 'external attackers' or 'business partners.'
Adam Evans, senior security specialist for NetIQ comments: "Although companies have been working hard to achieve the PCI standards, compliance obviously eludes the majority of them and for many proves a long and arduous struggle. Tools like ours exist to ease the burden and speed up the process. Compliance represents a significant long-term commitment of resources, although the cost of a security breach and the subsequent damage to an organisation's brand could be far greater - it's a risk that's not worth taking."
netIQ Deutschland GmbH
NetIQ, ein Geschäftsbereich von Attachmate, ist ein weltweit führender Anbieter von Lösungen für das Systems und Security Management. Mehr als 12.000 Kunden in über 60 Ländern setzen NetIQ Lösungen ein, die IT-Organisationen unterstützen, IT Services im gesamten Unternehmen zu verbessern, Kosten messbar zu senken und gleichzeitig die Effizienz zu steigern. Das Portfolio von NetIQ umfasst IT Process Automation, Systems Management, Security Management, Configuration Audit, Configuration Control und Enterprise Administration sowie Lösungen für Unified Communications. Weitere Informationen finden Sie unter www.netiq.com