PCI compliance after a breach
Verizon's recent 2011 Data Breach Investigations Report (PDF) has some interesting information about what fraction of their customers were found to be compliant with the requirements of the PCI DSS after a breach had occurred. Here's a graph of what they found. The horizontal axis shows the number of each PCI DSS requirement. This makes it fairly easy to see trends, although it's probably not worth calling changes over just a few years a trend.