Could we have multiple security incidents in a single year?
Our analysis of probability in the IRIS 2025 focused on the likelihood of experiencing at least one security incident within a year. It’s possible, of course, for organizations to suffer more than one loss event in that timeframe, and veteran IRIS readers may recall that prior studies included a table of probabilities for at least one, two, and three incidents in a 12-month period. Those readers may be disappointed upon realizing updated tables are missing from the latest IRIS. If that describes you, this should ease your disappointment.
