Merchants that undergo network audits to ensure compliance with Payment Card Industry Data Security Standards are paying an average of $225,000 each year. 10% of these business are paying $500,000 or more annually, according to a new study. 2% of businesses assessed by the QSAs fail the audit, and 41% rely on what are called “compensating controls” under the PCI rules. The Ponemon Institute under sponsorship of Thales surveyed 155 qualified security assessors (QSA) worldwide.”]
Source: https://www.csoonline.com/article/2124901/average-annual-cost-of-pci-compliance-audit—225k.html