The latest version of the Payment Card Industry (PCI) Data Security Standard will soon require businesses to implement and perform penetration testing, but only 41 percent of retail sector enterprises currently use penetration testing to identify security risks.