By its nature, cyber risk is dynamic. New events happen and evolve all the time, making it difficult for enterprises to financially quantify their financial exposure to cyber attacks. Around two years ago, for example, distributed denial-of-service (DDoS) attacks were making headlines, and now ransomware has come into heightened focus. It's reasonable to believe that other types of attacks will emerge in another two years and continue to change thereafter.

The number of data breaches reported in the first 6 months of 2022 has put this year on track to be the lowest year of reports in the last 5 years for large US corporations. By looking at the rate at which data breach events have been reported so far this year, we predict that the number of events reported is expected to be 15-20% of the number of breaches reported in 2021

The 2022 Verizon Data Breach Investigations Report (DBIR), the fifteenth such report in as many years, leads off with a startling statistic: Credentials are the number one overall attack vector hackers use in data breaches. Use of stolen credentials accounts for nearly half the breaches studied by Verizon, far ahead of phishing and exploit vulnerabilities, which account for 19% and 8% of attacks, respectively. Botnets, the fourth most common entry path for hackers, represent a mere 1% of attacks.