I would have to agree with this latter bit. We count incidents per YEAR.
On a hand. Mostly because we haven't made a habit of accepting random
clients, I guess, but were it a problem, it would be made not to be.
Being proactive is a big part of this. For example, when ARIN began to
allow abuse contacts for IP space, we fairly quickly registered a POC