"Activist groups created their fair share of misery and mayhem last year...They stole more data than any other group," the report said. "Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role across the caseload."

As in previous years, Verizon has found that most cyberattacks were avoidable if network managers followed best practices for information security. Verizon said that 96% of attacks were "not highly difficult," and 97% of attacks were avoidable through "simple or intermediate controls.''

"The large majority of these attacks were not highly sophisticated," said Chris Novak, managing principal on Verizon's data breach investigation response team. "A lot of what we're talking about is known vulnerabilities, like weak passwords. But knowing something is wrong and doing something about it are two different things. I know I'm supposed to eat well and exercise, but I don't always do it."

One of the biggest threats to organizations with more than 1,000 employees were phishing attacks and other scams that involved tricking employees into infecting their systems with malware. These organizations also were more likely to have stolen passwords and physical break-ins to data centers than smaller employers.

Once a corporate network has been penetrated by hactivists or cybercriminals, it takes a long time for network managers to figure out, Verizon said. It took weeks or months to discover 85% of the security breaches in 2011, and 92% of these breaches were discovered by a third-party rather than the company's IT staff.