Larry Ponemon, chairman and founder of the Ponemon Institute, said in a recent podcast about the survey that he finds that statistic “very disturbing,” because failing to treat data protection as a strategic business initiative could ultimately lead to loss of customer confidence and trust. In addition, 60 percent of survey respondents said their organization does not have enough resources to become PCI compliant. And 79 percent of respondents said their organization has experienced a data breach.
“I looked at the number [27 percent] and said ‘…that seems pretty low,’” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a recent podcast about the survey. “But then you think about it, a lot of organizations see PCI as a compliance thing only. So if you look at all of the organizations that potentially have to comply or should be complying with PCI, to say that 30 percent agree that their security posture improves, suggests that PCI is pretty successful.”
Seventy-five percent of respondents said their organization has achieved some level of PCI DSS compliance, the survey found. Just 22 percent said that they have achieved full compliance for all enterprise applications and databases, 28 percent were compliant for “most” and 25 percent were compliant for “some.”
For many organizations, though, data security efforts do not extend beyond the protection of credit card information. Fifty-five percent of respondents said their organization doesn't secure Social Security numbers or other potentially sensitive information.