Addressing PCI Compliance Takes Longer, Costs More Than Expected: Report

Aberdeen, a Harte-Hanks Company, today announced the availability of a new benchmark report on "PCI DSS and Protecting Cardholder Data," which shows that Best-in-Class organizations have indeed achieved superior protection of cardholder data through compliance with the PCI Data Security Standard (PCI DSS). Across the 12 high-level security requirements specified by PCI DSS, encouraging gains were made by all companies in the study when compared to a similar benchmark conducted one year ago. However, organizations in the study generally underestimated the time and cost necessary to achieve PCI compliance, and they significantly underestimated the cost to sustain it.

"The payment card industry has made steady progress in establishing a common set of security standards, evangelizing best practices, and encouraging adoption," said Derek E. Brink, vice president and research fellow for IT Security, Aberdeen. "Beyond the mere reporting of compliance with PCI, between 40-50% of the top-performing companies actually reduced the number of failed audits and the number of data security incidents, as well as the time and cost to address them. That's why it's so important to have clear ownership for your PCI compliance effort, and to fund the initiative for success."

Although a wide range of services and technologies must be brought to bear to address the 12 high-level security requirements specified by PCI DSS, solution areas in which the top performers showed the strongest year-over-year improvement included vulnerability and risk assessments, infrastructure security, data protection, application security, and tracking and monitoring solutions such as log management and information and event management.

A complimentary copy of this report is made available due in part by the following underwriters: LogLogic, MegaPath, SenSage, SAINT Corporation and Voltage Security. To obtain a complimentary copy of the report, visit: http://www.aberdeen.com/link/sponsor.asp?cid=4892.

To access all of Aberdeen's complimentary research please visit http://research.aberdeen.com.

About Aberdeen Group, a Harte-Hanks Company
Aberdeen is a leading provider of fact-based research and market intelligence that delivers demonstrable results. Having benchmarked more than 30,000 companies in the past two years, Aberdeen is uniquely positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen(TM) for insights that drive decisions.

As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen http://www.aberdeen.com or call (617) 723-7890, or to learn more about Harte-Hanks, call (800) 456-9748 or go to http://www.harte-hanks.com.