…is not evidence of absence. It’s an old saying and isn’t really true – it isn’t conclusive, but it certainly provides some information.
In the security space, it is much more common to assume that absence of evidence is proof of existence. As in, there is no evidence that an enterprise has been compromised, therefore it must have been.
It sure would be great to have real evidence. It’s out there, we just have to keep looking.