Cybersecurity carries a certain mystique. This comes from a combination of people not being “tech savvy,” sensationalized or incorrect headlines (“Guests Locked in Their Hotel Rooms by Ransomware”), superficial advice from so-called experts and technology-driven cure-alls. The reality is that if you focus on the basics, you will be better positioned to be “Compromise Ready.” Like other material risks companies face, cybersecurity readiness requires an enterprise wide approach tailored to the culture and industry of the company. There is no one-size-fits-all solution.

We started analyzing data collected from the hundreds of security incidents we manage annually to provide a resource for businesses to help focus their time and budgets in the right places. Clients have used our reports to prioritize and gain executive support for their security spending, educate their board and executive leadership team, fine-tune their incident response plans, vet and select forensic firms, build scenarios for tabletop exercises, and determine the type of cyber liability insurance needed. Our third year of reporting takes a look at the more than 450 incidents we worked on in 2016.