"One of the most stark things in this data is that once the bad guys get in your network, they were there for weeks or months or years,'' Novak said. "The fact that they can do some serious damage is not so surprising given the timespan of these incidents.''

While CIOs have been focused on securing mobile devices, particularly those owned by employees, the bigger threat is to the servers they operate. Verizon said that 94% of all data compromised last year involved servers, not endpoints.

"We've had a relatively small amount of situations regarding [Bring Your Own Device] scenarios,'' Novak said. "The policies around that are very, very strict in most organizations. With mobile device management software, there is a limited ability to do damage from a stolen smartphone. The majority of devices being targeted are servers.''

Similarly, few security breaches involved last year.

"We're finding that the cloud in and of itself doesn't seem to be a significant threat overhead,'' Novak said. "A lot of the breaches we're seeing are when something is moved to the cloud and it had a vulnerability before hand that wasn't fixed. Generally, we're not seeing the cloud add significant risk.''