Almost a fifth of IT managers admit that their firm is not PCI compliant, even though they could be risking security.
To be PCI compliant, businesses have to follow data security standards set out by the payment card industry, with online businesses and retail organisations most likely to be impacted.
However, a study by Gartner has revealed that of the 383 IT managers they polled at Gartner's annual IT Security Summits and Catalyst events in North America and its Security & Risk Summit in EMEA, 18 per cent admitted that they did not comply with PCI regulations.
"Given that many of the technology providers in the security market target their products and help with PCI-related compliance initiatives, it came as something of a surprise that such a high percentage of survey respondents said that they were not PCI compliant," said Lawrence Pingree, research director at Gartner.
However, he added that another area of interest was the number of organisations changing their IT budgets.
According to the study, in 2010 55 per cent of respondents said their budget would be staying the same for the next year, but in 2011 only 30 per cent of people suggested this.
Instead, 33 per cent expected IT budgets to increase, with 22 per cent planning an increase of more than five per cent.
However, 15 per cent think that IT budgets will decrease next year.
At the top of the resourcing list is data loss prevention, while information security and event management also ranked highly.
Graeme Batsman, director of Data Defender, said that businesses need to take security more seriously and consider introducing a layered approach.
He said that adding user accounts could be beneficial, as then a hacker may have limited access, depending on the privileges given to the individual.
Looking for information security jobs? Find the latest roles with Barclay Simpson, leaders in information security recruitment
|
Email this article to a friend
Print this page
Search Articles
