Kelly Jackson Higgins summarizes the most important point of the Verizon 2014 Data Breach Investigations Report, in “Stolen Passwords Used In Most Data Breaches,” when she says:
Cyber criminals and cyberspies mostly log in to steal data: Findings from the new and much-anticipated 2014 Verizon Data Breach Investigations Report (DBIR) show that two out of three breaches involved attackers using stolen or misused credentials.
“Two out of three [attacks] focus on credentials at some point in the attack. Trying to get valid credentials is part of many styles of attacks and patterns,” says Jay Jacobs, senior analyst with Verizon and co-author of the report. “To go in with an authenticated credential opens a lot more avenues, obviously. You don’t have to compromise every machine. You just log in.”
When reviewing security solutions, remember that 2/3 of all security breaches involve stolen credentials.
You can spend a lot of time and effort on attempts to prevent some future NSA quantum computer from reading your email, or you can focus on better credential practices and reduce your present security risk by two-thirds (2/3).
If I were advising an enterprise or government agency on security, other than the obligatory hires/expenses to justify the department budget, I know where my first emphasis would be, subject to local special requirements and risks.