In this report, we distill a range of Payment Security and compliance subjects into valuable insights to help CISOs and others break down complex thinking into digestible bits. We explore various tools, tactics and methods applied by numerous organizations and take a look at why some companies accomplish so much more than others in their efforts to achieve sustainable and effective data security. We distinguish between the approaches that separate busy security teams from productive security teams, the different ways decisions are made that shape how strategies are formed, and which goals are embraced. For example, why are technology solutions prioritized while the maturity development of capabilities and processes is ignored? How can leaders adapt, innovate and evolve during challenging times to improve their control environment posture and security cultures? The recommendations included in this report should have an immediate, positive impact. We explain the top security pitfalls and present solutions to equip CISOs with approaches for tackling data security compliance challenges.
Executive Summary
While Payment Security is a complex problem, it doesn’t need to be complicated. A subject or entity is complex when it consists of multiple parts. It only becomes complicated when you are unable to distinguish between the parts and their relations to each other. The individual elements to build and maintain a successful data security program and their interrelationships are known. In this report, we explore the essential elements needed to successfully construct and cross the compliance bridge without falling prey to the impact of external, environmental shifts during challenging times.
Too few organizational leaders, C-suite executives and others understand the underlying reasons for their company’s lack of sustainability and control effectiveness. For this reason, we devoted this issue of the PSR to revisiting the challenges CISOs face in designing, implementing and executing a sound data security compliance program and in leveraging the power of strategic thinking.
Threats to payment card data continue to increase and impact the payment security landscape in numerous—and increasingly insidious—ways. The negative disruption from payment security data breaches can have a temporary or lasting impact on an organization’s sales and company stock price and reputation.
With the potential for such severe repercussions, it’s an enigma why compliance sustainability continues to atrophy, as seen in our most recently compiled Verizon data.
Fewer and fewer organizations are demonstrating the ability to keep a minimum baseline of payment security controls in place. In 2019, from the total population of organizations assessed on PCI DSS compliance, only 27.9% of organizations achieved 100% compliance during their interim compliance validation.[1] This is a further 8.8 percentage-point (pp) drop from the year before, when only 36.7% of organizations demonstrated full compliance.
Download the report to find more.