Crisis management will get you through the initial impact of a disaster, but you need a comprehensive business continuity program to sustain you beyond 48 hours.

An effective executive risk council can help reduce the impact of a potentially devastating cyber-attack, and maintain that ever-important bond of trust.

Two themes emerge from Verizon's "2013 Data Breach Investigations Report." First, a substantial increase in the number of partners that contributed threat data—18 cyber-enforcement entities from around the world, up from just four a year earlier—appears to have brought more balance to the findings. Second, there are stronger patterns behind security breaches than previous reports had indicated. Specifically, more than two-thirds of all breaches investigated by Verizon fell into one of three categories: physical attacks on automated teller machines (ATMs); penetration techniques such as phishing, malware and hacking; and point-of-sale "smash-and-grab" attacks. "While some may argue that we are dealing with an intelligent and adaptive adversary, the data tells us that adaptation isn't necessary for many of these attackers," the report's authors write. "Treating our adversaries as random and unpredictable is counterproductive. We may be able to reduce the majority of attacks by focusing on a handful of attack patterns." The data set for this year's report represents more than 47,000 reported security incidents in 27 countries, including 621 confirmed data disclosures, 421 of which fell into one of the above-mentioned categories.