The experts pointed to the lack of long-term security strategies among business leaders.
In its new 2020 Payment Security Report (2020 PSR), Verizon Business, a division of Verizon Communications, pointed to a lack of long-term security strategies among business leaders. This exposes cardholders to the risk of attacks and seriously impacts compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Payment data remains one of the most sought-after and lucrative targets for cybercriminals, with 9 out of 10 data breaches being financially motivated. In the retail sector alone, 99% of security incidents analyzed by experts were aimed at obtaining payment data for criminal use.
On average, only 27.9% of international organizations fully comply with PCI DSS requirements, which are designed to help businesses offering card payment services protect their payment systems from hacking and theft of cardholder data. According to experts, compliance with regulatory requirements has declined for the third year in a row, by 27.5% since 2016.
“Many companies lack the resources and commitment from senior leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, President of Global Enterprise.
According to the researchers, the coronavirus pandemic has forced consumers to abandon the traditional use of cash and switch to contactless payment methods using payment cards and mobile devices. As a result, more electronic payment data is being generated.
Just over half of organizations (51.9%) successfully test security systems and processes, of which two-thirds adequately monitor and control access to business-critical systems. Only 7 out of 10 financial institutions (70.6%) provide perimeter security.
The report also explores the challenges that CIOs face in developing, implementing and maintaining an effective and sustainable security strategy, and how those challenges can ultimately contribute to breaches of compliance and data security governance. These problems were found to be not technological in nature but the result of organizational weaknesses that can be addressed with stronger management skills, including creating formalized processes, building a security business model, and defining a robust security strategy with operational models and structures.