Data security is not a priority as over half of IT companies suffer breaches
26.01.2016 400 views
54% of IT professionals said their companies had a data breach involving payment data, a recent study shows.
According to a recent survey conducted by the Ponemon Institute on behalf of Gemalto, over half (54%) of respondents said their company had a security or data breach involving payment data, four times in past two years in average. 55% said they did not know where all their payment data is stored or located.
Findings unveil that ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.
54% of respondents said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data, while 59% said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.
Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution. 74% said their companies are either not PCI DSS compliant or are only partially compliant.
Source: The Paypers