Understanding the future of security could come down to grasping the way that real-world threats vary by sector over time, getting away from the generalisations that have ruled a lot of security discussion in recent years.
This might help enterprises fight back because, according to report author Wade Baker, "after analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime and the bad guys are winning."
"Organizations need to realize no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organization - often weeks or months, while penetrating an organization can take minutes or hours," Baker said. The attackers were simply innovating faster than the defenders.
A major weakness that jumped out was the way customer credentials were being abused in many breaches, exploiting weaknesses in privilege management and authentication, he said.
After a year that witnessed some of the largest data breaches in history, Verizon's DBIR comes bearing more bad news: every enterprise, large and small, well-protected or not, is now vulnerable to data loss whether it wants to face this fact or not. Salvation lies in information and analysis, in making the specific nature of some attacks visible.
Sign up for CIO Asia eNewsletters.