The good folks over at Verizon Business have cranked out another report, this one on on PCI.
I urge you to read the PDF for yourself (yes, PDF, and file format we should trust just as much as EXE these days). The blog post and podcast underwhelmed me, but you may see value in them.
PDF: http://www.verizonbusiness.com//resources/reports/rp_2010-payment-card-industry-compliance-report_en_xg.pdf
The Blog post is at http://www.verizonbusiness.com//worldwide/about/news/pr-25614-en-%5BURLLINKTEXT+%5D.xml
and a short podcast: http://www.verizonbusiness.com/worldwide/resources/media/index.xml?urlid=131366
I need to digest it before adding commentary. Remember that Verizon Business has a large PCI practice. I’m not saying there is any bias or spin- but it would be naive to overlook that fact. Also, keep in mind that like the DBIR, the sample organizations are self-selecting, they are companies which can afford, and use Verizon for business services. (That’s one of the great things about the latest DBIR, the addition of Secret Service data for normalize results).
Jack