No organisation was fully compliant with the Payment Card Industry Data Security Standard (PCI DSS) at the time of data breach, a report said on Thursday.
According to the 2017 Payment Security Report (2017 PSR) by Verizon Security Professional Services, all organisations it investigated showed lower compliance in 10 out of the 12 PCI DSS key requirements.
The overall PCI DSS compliance has, however, increased among global businesses, with 55.4 per cent of organisations Verizon assessed passing their interim assessment in 2016, compared with 48.4 per cent in 2015.
“While it is good to see PCI compliance increasing, the fact remains that over 40 per cent of the global organisations we assessed — large and small — are still not meeting the standards,” said Rodolphe Simonetti, Global Managing Director, Security Consulting, Verizon, in a statement.
The findings of the report demonstrated a link between organisations being compliant with the standard and their ability to defend themselves against cyber attacks.
Globally, IT services industry achieved the highest (61.3 per cent) full compliance of all key industry groups during the interim validation.
It was followed by financial services organisations (59.1 per cent), retail (50 per cent) and hospitality (42.9 per cent).