The highlight of this year's report, however, is not the data breach numbers, but the industry-by-industry analysis of various threat types. In previous years, the highly regarded report from Verizon focused on actual data breaches investigated by either Verizon's security team or by one of its global partners. This year, the team decided to expand the report definition to include security incidents that didn't result in breaches in order to "gain a better understanding of the cybersecurity landscape," Marc Spitler, a senior risk analyst with Verizon's RISK team, told SecurityWeek.
"This evolution of the DBIR reflects the experience of many security practitioners and executives who know that an incident needn’t result in data exfiltration for it to have a significant impact on the targeted business," the report said.
Verizon RISK team researchers found that 92 percent of security incidents from the past 10 years could be categorized in one of nine "threat patterns," or attack types. The full report is available online in PDF format."
Link to Original Source