Data security is not a priority as over half of IT companies suffer breaches

According to a recent survey conducted by the Ponemon Institute on behalf of Gemalto, over half (54%) of respondents said their company had a security or data breach involving payment data, four times in past two years in average. 55% said they did not know where all their payment data is stored or located.

Findings unveil that ownership for payment data security is not centralized with 28% of respondents saying responsibility is with the CIO, 26% saying it is with the business unit, 19% with the compliance department, 15% with the CISO, and 14% with other departments.

54% of respondents said that payment data security is not a top five security priority for their company with only one third (31%) feeling their company allocates enough resources to protecting payment data, while 59% said their company permits third party access to payment data and of these only 34% utilize multi-factor authentication to secure access.

Less than half of respondents (44%) said their companies use end-to-end encryption to protect payment data from the point of sale to when it is stored and/or sent to the financial institution. 74% said their companies are either not PCI DSS compliant or are only partially compliant.