LONDON, Apr 29, 2009 (BUSINESS WIRE) — Breach Security, Inc., the leader in web application integrity, security and PCI compliance, and Evolution Security Systems Ltd today jointly released their 2008 UK PCI Compliance Report. Evolution Security Systems is a leader in digital and information security, partnering with institutions to protect their assets and manage their security infrastructure on an ongoing basis. Surveying UK organisations across a variety of market sectors, including healthcare, government, e-commerce, finance and banking, the report findings indicate that PCI compliance is important to eight in 10 UK organisations. Further, 57 percent are either PCI compliant or actively working toward becoming compliant. While this represents good progress, it also indicates that the UK is trailing the United States in adoption of PCI compliance.
In addition, the survey found that 16 percent of organisations don’t know what it means to be PCI compliant and nearly one in five companies reported not knowing if PCI compliance is important. “With over 40 percent of UK organisations not serious about PCI compliance, sensitive customer and cardholder data is in jeopardy for many of the online transactions that take place,” said Sanjay Mehta, SVP for Breach Security. “Web application hackers are becoming both more savvy and malicious with each passing month, and without the protection afforded by PCI compliance, the data security of these organisations is at risk.”
“PCI compliance has become a significant priority around the world, particularly in the United States, and UK organisations need to wake up to the threat,” said Dale Moreton, head of sales and marketing at Evolution Security Systems. “In addition to trailing U.S. adoption rates, it’s concerning that 20 percent of UK organisations are naive about PCI compliance, its importance and the ramifications of ignoring it.”
With online customer data being nearly impossible to secure and easy to hack, the Payment Card Industry (PCI) established compliance requirements to protect customers by including web application security requirements in its Data Security Standard (DSS). All organisations that process, store or transmit credit, debit or other payment card information must be in compliance with the PCI DSS. Further, requirement 6.6 states that all web-facing applications must be protected, and web application firewalls have become the de facto standard for compliance in enterprise organisations.
Breach and Evolution’s report found that one in three UK organisations are not planning to become PCI compliant, while 18 percent are planning to become compliant in three to six months, 11 percent in six to 12 months, and five percent in more than one year.