Earlier this year the U.S. Secret Service in coordination with Verizon and the Dutch National High Tech Criminal Unit released the 2011 Data Breach Investigations Report. 
 
An interesting outcome of the report is that in 2010 cyber attacks decreased significantly from earlier years, but the number of actual breaches was the highest ever. A possible reason for outcome is that hackers are no longer going after the big targets in large numbers, but instead are focusing their efforts on smaller and more vulnerable companies.   In fact, the report reveals that 83 percent of the hacks were aimed at “targets of opportunity,” and 92 percent of the attacks were rated as “not highly difficult”.
 
However, there is another report that I think should also be highlighted.  Yesterday, the Washington Post reported that the Intelligence and National Security Alliance will issue a study this month that recommends that the “U.S. must develop cyber intelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.”  It also warns that U.S. interests can suffer “catastrophic” losses” in the absence of a comprehensive plan for addressing cybersecurity threats and responses.
 
Although these reports are confirming facts that we already know or suspect are true, it is the type of information that resonates with policymakers.  These and other similar reports serve as a steady drumbeat in favor of comprehensive cybersecurity and data breach reform.