2009 PCI DSS Compliance Survey
Sponsored by Imperva
Independently conducted by Ponemon Institute LLC
Publication Date: September 24, 2009
2009 PCI DSS Compliance Study
By Ponemon Institute, September 24, 2009
PCI was devised to help improve credit card security and protect consumers and card issuers
from fraud. The 2009 PCI DSS Compliance study was conducted by Ponemon Institute and
sponsored by Imperva to determine if PCI compliance improves organizational security. More
specifically, the study seeks to determine how the move to comply with PCI affects an
organization’s strategy, tactics and approach to achieving enterprise data protection and security.
In general, the findings show that PCI DSS compliance is perceived as contributing to an
organization’s security posture. However, the main obstacle to PCI DSS compliance is cost. For
that reason, compliance is stronger among larger organizations with bigger budgets that adopt
cost-effective solutions to achieve compliance.
A total of 517 United States and multinational IT and IT security practitioners who are involved in
their companies’ PCI compliance efforts were surveyed on the following topics:
Who is most responsible in an organization for ensuring compliance with PCI DSS?
What technologies enable compliance with PCI DSS requirements?
What is the scope of compliance with PCI DSS?
Does PCI DSS decrease, have no impact or increase security threats?
What is the value PCI DSS compliance provides to the organization?
Following are the most salient findings of this survey research. We have organized the report into
three parts: Part 1 presents the key findings of the survey and Part 2 discusses the evolutionary
or maturity stages an organization adopts for its data security strategy and how these stages
explain its compliance with PCI DSS. These stages were determi