Which term describes security planning that shows the percentages of breaches per threat action?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which term describes security planning that shows the percentages of breaches per threat action?

Explanation:
The main idea here is using real breach data to shape how you plan defenses. When a security plan shows the percentages of breaches by threat action, it demonstrates that the planning is informed by how attackers actually operate and where risk is concentrated. That kind of data-driven, outcome-focused approach is what “successful security planning” implies: a plan that uses measurable breach patterns to guide prioritization and controls, then tracks results over time.

So this term fits because it describes security planning that is grounded in how breaches occur, enabling you to allocate resources to the most significant threat actions. The other options don’t describe this planning approach: a 30/60/90 plan is a timing milestone, the Verizon DBIR is a data source or report you’d consult rather than a planning term, and driving engagement is about stakeholder involvement rather than the planning method itself.
