Ah, yes I see what you mean. You got an excellent point here. It's not just fortune 500 companies, because one of the data points highlights that among the victims the SMB sector has the highest allocation. My guess is that the analysts try to get data from as many breaches as possible every year. Probably partnering with incident response firms like Mandiant. It's not a sample set and at the same time it is because a lot of breaches go undetected.
I'd recommend taking a look at the Appendix E: Methodology. It's a little long at three pages, but hopefully answers your questions. If not, hit up the email address or twitter account on page 47 and we'll answer them.
Gabe, thanks for that. Just checked the Appendix E section you mentioned, instantly a fan of what I saw there. Glad you have filters in place rather than just taking any breach report into the data set.
