DBIR vs. PCIR
Does complying with the PCI DSS help prevent data breaches? The data from Verizon's most recent Data Breach Investigations Report (DBIR) and Payment Card Industry Compliance Report (PCIR) seem to indicate that it does. In general, businesses that suffered a breach tended to be less compliant. The following graph shows the percentage of businesses that were compliant with each of the 12 requirements of the PCI DSS. The DBIR data covers businesses that suffered a breach, while the PCIR data is more representative of the industry overall. For most of the 12 requirements, the breached organizations were less compliant than the industry as a whole.