Tech Republic has posted an interesting, but short article regarding why everyone on the internet has not been hacked. I like the premise, and have read the report by Cormac Herley. I certainly am no math whiz either, but what he’s saying makes sense. It is, like marketing and statistics, a game of numbers. If an attacker decides to launch attacks without a defined target, he needs to understand the general “market” of his potential targets in order to realize a gain.
I would imagine that a targetted attack would follow a similar concept, just that the major expense in time for the attacker would be spent in research and reconnaisance of the chosen target rather than in accumulating target addresses and high level intell.