Retail - Retail IT Security has often been reactive and underfunded; however, gaps insecurity are now becoming a critical issue. From a technology perspective, retailers have historically taken a checkbox approach to PCI compliance. Compliance-driven security has resulted in incomplete data protection and poorly integrated pointsolutions spread over a wide geographic area. Further, endpoint security is often neglected on Point-of-Sale systems due to challenges in implementation, maintenance, and training. With limited staffing and conflicting priorities, retailers are challenged in combating security threats. In principle, responsibility for IT security cannot be ignored. Finally, many retailers lack a governance process and focus instead on regulatory compliance at the expense of a framework that governs information.