Verizon has just released its 2010 PCI Compliance Report [PDF], which examines PCI Data Security Standard (PCI DSS) assessments done by Verizon and how organizations are attempting to become compliant. The report also compares companies in a "normal" population with those that have suffered security breaches.
This report does not argue that the PCI DSS standards are set too high or too low; instead, it looks at how companies are attempting to meet those standards and what issues are holding them back.
"The degree of security that the standard is designed to deliver becomes a baseline that an organization should adhere to; one that assures it is doing its part to address the industry-wide risks present to all participants in the economic system."
Findings from the study include: