Gartner Survey Shows 18 Per Cent of Respondents Are Not PCI-Compliant

Report Examines Security Behaviour and Buying Trends for 2012

(PresseBox) (Stamford, Conn.)
PCI data security standards may be a hot topic, but a recent survey by Gartner, Inc. found that 18 per cent of respondents admitted to not being PCI-compliant, even though the survey data suggested that they should be.

Gartner conducted a series of kiosk-based surveys between June and September of this year at Gartner's annual IT Security Summits and Catalyst events in North America and its Security & Risk Management Summit in EMEA. The surveys of 383 IT managers found trends in buying behaviours and permitted predictions of future security spending.

"Given that many of the technology providers in the security market target their products and help with PCI-related compliance initiatives, it came as something of a surprise that such a high percentage of survey respondents said that they were not PCI-compliant," said Lawrence Pingree, research director at Gartner. "Technology and service providers should continue to market their ability to help solve customer issues with compliance for the PCI security standards. End-user organisations must also work to address the awareness of their PCI security standards compliance status, so that their employees know whether or not they are compliant with the PCI standards."

Mr Pingree said that change is the key theme to the budget survey. Last year, 55 per cent of those surveyed said their budgets would stay the same for next year; however, this year only 30 per cent confirmed this. Furthermore, 33 per cent of respondents expected growth in their budgets, with 22 per cent expecting a 5 per cent or more IT budget increase compared with 20 per cent last year, meaning there has been a slight increase in the overall spending for security. This is despite the fact that 15 per cent of this year's respondents said they expect a budget decrease; last year 9 per cent predicted a decrease in their overall IT budget.

This year, the IT security budget planners who are expecting an increase are expecting a fairly significant increase in their security budget allocations over last year. Last year's budget expectations were for a 6 per cent share of the total IT budget expenditure to be allocated to the security function. In this year's survey, that allocation has increased to a mean of 10.5 per cent, an increase of over 4 per cent. This means that roughly 10 cents of every IT dollar allocated will be spent on IT security.

Gartner found that the dominant spending this year was on personnel, which is similar to last year; however, this year's allocation is down slightly from 35 to 32 per cent. Consulting services and outsourcing services are also both down from last year's numbers, with a significant consulting decrease from 14 per cent last year to 11 per cent this year, and outsourcing dropping from 18 per cent last year to 11 per cent this year.

Budgetary increases this year came in both hardware and software spending, with hardware up from 18 per cent last year to 22 per cent this year, and software up from 20 per cent to 22 per cent as organisations continue to deploy products to address heightened security issues based on recent press and large-company data breaches.

Mr Pingree said that organisations are planning on reducing resources to administer the security technologies they have added to their portfolios this year by leveraging better initial integration or through reduced ongoing external consulting. They will most likely do this by utilising increased automation in many security products and working to make their internal security workflows more efficient, lowering demand for overall human resources or consulting costs.

When asked about the top security projects for 2011, respondents put data loss prevention (DLP) at the top of their list with user provisioning and event management coming in second and security information and event management (SIEM) coming in third on the priority list. Intrusion detection, network access control, application security, and IT governance, risk and compliance management (GRCM) tools also rank high up on the list.

"This new focus on data-loss prevention is critical when considering the dynamic nature of cloud environments and trends to virtualise application workloads," said Mr Pingree. "This will be considerably important in order to support the attachment of business policy controls to data types as the dynamic nature of data movement within application workloads is sought."

Additional details are in the Gartner report "User Survey Analysis: 2012 Security Buying Behaviors and Budget Trends", which is available on Gartner's website. The Gartner IT Security Buying Behaviors and Budget Trends survey research is conducted each year to elicit the buying behaviours from respondents at Gartner's security-related events on a worldwide basis.

Mr Pingree will also host the complimentary Gartner webinar, "Protect Your Enterprise: Manage Mobile Tablet & Smartphone Risk" today, at 3pm and 6pm UK time. To register for this free webinar, please visit