Veracode has produced an informative infographic on the state of application security and has generously granted permission to use. This graphic is too dense to present to senior management and receive anything but blank stares and impatient tapping while you try to flounder through the statistics to give them something they can act upon decisively.
The simpler approach is to focus on one message at a time, keep the dialog simple, and recommend a way forward. Your senior management no doubt understands and appreciates data, databases, information integrity and confidentiality, so if you do use this infographic, try this:
Databases are under siege. Not just ours, but everyone's databases. That's because nearly everyone is vulnerable to the same tactics attackers use to gain access to databases. What makes this threat a priority for us in 2013 is that it's not just the information we want to make accessible to our clients or customers, but potentially information in those databases that we want to keep confidential, like billing addresses, payment information or PII. Lastly, these same threats could be leveraged against any of our databases, even the ones that aren't directly accessible via the Internet. What this infographic says is that attackers are focusing on application level attacks, and we need to put more time, effort and expense into securing our applications.
Infographic by Veracode Application Security