The expensive repercussions of these attacks include information loss (44 percent of associated costs), business interruption (30 percent of costs) and loss of revenue (19 percent of losses).

The number of data breaches, and their correlation to exposed records, is more difficult to pinpoint as the reported figures fluctuate from year to year. According to the Identity Theft Resource Center, there were 157 breaches in 2005 that caused the exposure of 66.9 million pieces of information. Jumping forward to 2008, 656 breaches exposed 35.7 million records. But in 2009, there were 447 breaches and only 17.3 million data exposures.

The center notes that while data-breach incidences have stayed above 400 since 2010, there were only 16.2 million, 22.9 million, and 17.3 million record exposures each year from 2010-2012, respectively.

This should not be taken as a sign to relax, writes Hartwig, who notes that former U.S. Homeland Security Secretary Janet Napolitano “recently warned that a major cyber attack is a looming threat that could have the same type of impact as Superstorm Sandy, knocking out power to a large swath of the Northeast,” with water, electricity and gas especially exposed to infrastructure damage.

Hartwig also says the reported numbers themselves mightnot be entirely accurate. He says as federal agencies like the SEC begin to require disclosure for public companies on cyber attacks, the number of reports will increase. “I think that reporting of cyber attacks is erratic and still in its infancy and so there's no consistency in the numbers,” he says. “Many companies and government agencies simply do not disclose attacks for fear of spooking customers, investors and other constituents.”

Hartwig adds, “While it's absolutely true that there have been large investments and improvements in cyber security that continue to thwart the majority of attacks, would-be cyber assailants do not sit by idly. Rather, their techniques and technology continue to evolve at a rapid pace. We need also be concerned about the threat of cyber terrorism and state-sponsored cyber attacks (e.g., China, Syria).”

The majority of the 447 data breaches reported in 2012 affected businesses (37 percent) and medical and healthcare companies (34.5 percent), far outpacing attacks on military and banking operations. The I.I.I. says LinkedIn, eHarmony, Zappos and Yahoo all experienced major public breaches last year.

However, when systemically important organizations get hit, they get hit hard: the government and military led all other sectors in number of records lost last year (7.7 million records, or 44.4 percent of all data lost to cyber attacks).

Thefts on banking and financial institutions still lagged behind in all categories, accounting for 3.8 percent of all breaches and 2.7 percent of records exposed in 2012. A March 2013 attack on South Korean banks and media companies paralyzed money machines across the country, and last year, card processor Global Payments lost 1.5 million cardholder payment card numbers.

Despite the rising costs and media attention given to cyber attacks in recent years, Harvard Business Review Analytic Services reports that less than 20 percent of all companies purchase cyber risk insurance to cover their costs in case of loss.