I had a chance over the weekend to finish reading the Verizon 2012 Data Breach Investigations Report. It’s a compilation of data about 2011 data breaches and they try to call out what they see as interesting in addition to showing a few different views of the data. It’s worth reading to get a sense of how complex security is, and how varied the attacks are. It’s also interesting to see that physical attacks are rare, less than 1% (which doesn’t mean we’re over-investing in physical security).
It’s not a bad read, you can skim if you need to and still pick up some good stuff. They have reports going back years if you get interested and want to learn more.