There is some good news. Businesses, it seems, are getting ever-so-slightly quicker at actually spotting breaches: the average time between compromise and discovery has apparently gone down from 146 to 99 days. But of course, this is still more than adequate time for hackers to access what they are looking for.

Those of us who have been involved in cyber security for decades are familiar with the ‘cat and mouse’ game described in the report. Cyber attackers continue to hone their tactics; they evolve and get smarter – and it’s the job of security teams to continue to keep up.

So what have criminals been up to over the last year? Well, you’ve heard of ‘state sponsored’ hacking. On the one hand, this report shows that many run of the mill hackers have boosted their skillset so they are now comparable with state-level actors.

But one new trend came as a particular surprise to the report’s authors: criminals getting on the phone to their targets to get the information they need to launch an attack. Hackers, it seems, are becoming more sophisticated with the help of some decidedly ‘old school’ con tricks.

1. The hacker realises that a generic-themed, unprompted email will most likely be picked up by the target company’s corporate email controls.

2. So the hacker does a little digging (via LinkedIn or the company’s website). He identifies a named individual and comes up with a credible ruse to make contact – such as a potential new supplier of office materials – or even a new client enquiry.