Friday, May 1, 2009

Numbers, numbers, numbers

The last Verizon reports brought a lot of very good numbers to the Information Security space, which is so much in need of reliable data. There is always the risk of people using numbers in the wrong way, falling into the famous "base rate fallacy" class of mistakes. Check Pete Lindstrom's comments on it; they perfectly illustrate how easy it is to draw wrong conclusions from those numbers. For me it's just another reason to believe that risk calculations are not as useful as we believe.