Some interesting stats in a news report by Queenie Wong in the Statesman Journal:
Cybersecurity by the Numbers
Since 2009, state agencies have been required to report the number of suspicious information security incidents to the state’s Enterprise Security Office, which is part of the Department of Administrative Services. All incidents are not necessarily considered information breaches.
In 2009, state agencies reported 44 incidents. In 2010, that number increased to 49 incidents. In 2011, the number of reported incidents dropped to 21.
During the past three months, 60 percent of reported incidents involved malware or hacking, 30 percent involved lost documents or information breaches and 10 percent were attempted attacks that were not successful.
More than 855 million emails, about 73 percent, the state receives every year are spam or malicious software and blocked before delivery.
The state thwarts about 2.2 million network device attacks per year — or about 6,250 attacks per day.