Since the launch of the popular Verizon Breach Investigations Report (VBIR) and its subsequent imitators, I have been asking what I believe to be a simple and fundamental question: Do the reported breaches actually just represent attacks that are less well-conceived and/or constructed? The basic assumption is that these reports include these breaches because they were detected. I suppose I could attribute this detection to the savvy of the attacked organization. Alas, statistics from these studies show that most attacks are detected by third parties, not the attacked party. So I feel comfortable eliminating a bias toward the detection acumen of the attacked organization.