The total number of incidents is steadily increasing, as well as their complexity. However, in terms of investigating and responding to them, they are all divided to three categories: very interesting, average and boring. What incidents does the business most often give up and why? Are APT attacks boring? Who is behind such attacks and how difficult / expensive is it to organize them? How have the attacks on organisations of various sectors of the economy changed over the past year and a half? Is it possible to resist the attacks that we consider interesting? Is it worth spending time and resources on countering primitive and boring attacks? What is worth preparing now?