In this report, we analyze data and leverage insights from over 1,000 investigations The Crypsis Group conducted in 2019, ranging from ransomware, business email compromise (BEC), payment card breaches, and nation state attacks, to inadvertent data disclosure incidents and insider threat investigations. Our intention is not to criticize those charged with protecting information technology assets, but rather to offer rich, deep insights into real-world cybersecurity risks and, importantly, provide practical advice on how organizations can protect themselves. We present this data within commonly encountered incident types and discuss the interconnected nature of attacks within each.