The situation with data compromises is complex, they note in the introduction:
You can focus initially on the executive summary to get a broad picture. For example, who are the victims (mostly financial institutions and retail), who are the bad guys (overwhelmingly outsiders), and how the breaches occur (network intrusions, overwhelmingly; so, how are your quarterly external network scans going?...).All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity .
Among the most frustrating observations is that the breaches continue to be opportunistic, of a relatively low level of difficulty, and driven by financial motives.
The report has 63 pages of information, charts, and graphs. I recommend it to you. I am still digesting it, so there may be more later. For a great summary, the folks at Securosis prepared this overview. But please don't stop there. Download the report and read it yourself!