80% Fail To Maintain PCI Compliance Between Assessments

http://www.zazzle.com/i_failed_pci_dss_tshirt-235974591414510266OUCH. Verizon said in a report this month that nearly 80% of organizations that achieve annual compliance with the PCI Data Security Standard -fail- to maintain that status after passing the audit. That results in being open to potential data breach risks and other security threats. We all know that PCI is an acceptable security baseline and then you build your full security posture on top of that. But not even having PCI compliance in place year-round is asking for trouble.

Verizon reported on the annual PCI compliance assessments that they performed as a service for well over 500 organizations the last few years. The numbers are based on actual compliance data gathered from organizations in the financial services, retail, travel and hospitality sectors and some other markets.

Rodolphe Simonetti, managing director, PCI practice for Verizon Enterprise Solutions said: "More than 82% were compliant with only about eight in 10 PCI requirements at the time of their annual assessments and needed an additional three months or so to close the gaps".

Many organizations see PCI compliance as a hurdle they need to take once a year, and then take their attention off the issue. They treat it as an annual "goal" rather than treating it as part of their continuous risk mitigation.

"It is really a failure to use compliance standards and tools on a day-to-day basis," Simonetti said. Not enough manpower and budget are known challenges to maintain ongoing PCI compliance at many companies, but the security issues that remain unresolved can be disastrous.

Request A Demo: Compliance Plus

Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

CMP-Collage-LCompliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: KnowBe4, Compliance

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews