The report also finds that 57% of all known losses for the largest web app incidents over the last five years were attributed to state-affiliated threat actors