As noted, the PCI DSS regular recognizes that not all organizations have equivalent risk things or equal capability to roll out security infrastructure. A hard prerequisite is providers should report information breaches to supervisory authorities and folks afflicted by a breach within 72 hrs of when the breach was detected. https://cybersecurityconsultinginsaudiarabia.blogspot.com/