Cyberattacks are becoming increasingly sophisticated, according to Verizon's "2015 Data Breach Investigations Report."
However, 70 percent of attackers use a combination of decades-old techniques such as phishing and hacking and involve a secondary victim.
Many existing vulnerabilities still remain open because security patches that have long been available were never implemented.
In 60 percent of breaches, attackers are able to compromise an organization within minutes.
"We continue to see sizeable gaps in how organizations defend themselves," said Mike Denning, vice president of global security for Verizon Enterprise Solutions. "While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilantin covering their bases. This continues to be a main theme, based on more than 10 years of data from our 'Data Breach Investigations Report'series."
More vigilant cybersecurity
Verizon recommends that many cyberattacks could be prevented through a more vigilant approach to cybersecurity.
Organizations should make people their first line of defense and only keep data on a "need-to-know basis."
The report also advises to encrypt sensitive data, use two-factor authentication, and remember to use physical security.
Verizon security analysts have used a new assessment model to predict that 95% of time the cost of a breach involving 10 million records will fall between US$2.1 million and US$5.2 million.
95% of time the cost for breaches with 100 million records will fall between US$5 million and US$15.6 million, and could top out at US $199 million.
"We believe this new model for estimating the cost of a breach is groundbreaking, although there is definitely still room for refinement," said Denning. "We now know that it's rarely, if ever, less expensive to suffer a breach than put the proper defense in place."
Sign up for CIO Asia eNewsletters.