Verizon has released an awaited follow-up to their annual DBIR. This release appears to focus on the correlation between data breaches and compliance with the PCI DSS. The report is near the bottom.
I can definitely say that the press release initially rubs me wrong for two reasons. First, I think it is obvious (at least to us) that activities that improve security (e.g. align with PCI suggestions) will, uhh, improve security. Second, anything that insinuates security via compliance sets a dangerous tone, namely that if you’re compliant you should be secure.
However! From my very superficial skimming of the PDF, this report looks much more interesting than just those two points up above that the press release seemed to salivate over. I’m also nitpicking that press release pretty hard. It might be one of those things where you see the title and opening paragraphs and suddenly start seeing red and it colors the rest of the text with that hue.
Picked this news up from Jack Daniel.