That compares to 62% of non-compliant organizations.
The number of merchants reporting a data breach in the previous 24 months rose 7.6% from 79% in 2009 to 85% this year, according to a new report, “2011 PCI DSS Compliance Trends Study,” which was produced by the market research firm Ponemon Institute and commissioned by data security firm Imperva.
Moreover, the report, which was based on a survey of 670 U.S. and multinational information technology professionals, found a significantly lower fraud rate for businesses that are compliant with payment card security requirements, known as PCI. 64% of PCI-compliant said they did not suffer a data breach involving credit card data over the past two years, compared to 38% of non-compliant businesses.
Despite those data points, many I.T. professionals remain skeptical about the benefits of PCI compliance, which can require considerable effort to achieve, especially for larger retailers. Only 12% of respondents said they believed compliance resulted in a decline in the number of data breaches a business experienced. Even so, the number of non-compliant businesses declined 36% from 25% in 2009 to 16%.
"At the end of the day, we believe that PCI-DSS is one of the most effective data security regulations today and can significantly help companies improve their data security posture," says Amichai Shulman, co-founder and chief technology officer of Imperva. "Most companies who make an effort to comply with the standards are likely to suffer fewer breaches than those who don't—period."