How long does it take to detect a cyber attack?

Cyber attacks are an increasingly serious risk for organizations, but many senior staff seem to believe that their organization won’t be targeted. They might say that their organization is too small to be on attackers’ radars, or that they don’t have anything worth attacking, but the truth is that cyber criminals are indiscriminate in their attacks and can almost always find something worth stealing.

A lot of companies that say they won’t be targeted will have already been breached – they just don’t know it yet.

As evidence to that, the Mandiant Security Effectiveness Report 2020 found that 53% of successful cyber attacks infiltrate organizations without being detected, and 91% of all incidents didn’t generate an alert.

Detecting and containing breaches

Organizations’ ability – in inability – to detect cyber attacks has tangible effects on its productivity and profitability.

Various reports have noted a correlation between the time it takes to spot an intrusion and the cost of recovery.

An IBM study estimated that organizations that contained a breach in under 30 days saved more than $1 million compared to those who take longer.

Meanwhile, a Ponemon Institute report suggests that organizations should aim to identify a breach within 100 days.

It found that the average cost of identifying a breach within this time was $5.99 million, but for breaches that took longer to identify, the average cost rose to $8.70 million.

There is a similar correlation in terms of containing a breach. Breaches that took less than 30 days to contain had an average cost of $5.87 million, but this rose to $8.83 million for breaches that took longer to contain.

The good news is that organizations have become significantly better at containing breaches, with the average time dropping from 70 days in 2016 to 55 days.

How are compromises detected?

The majority of breached organizations are notified by someone other than their own staff, according to Mandiant’s M-Trends 2020 report. It found that 53% of breaches were discovered by an external source.

The most common external source for identifying data breaches is law enforcement.

Data breaches are almost always contained sooner if they’re detected by an organization’s own staff. By conducting routine assessments of potential vulnerabilities in your organization, you can avoid having to rely on external sources, save money, mitigate the damage of breaches, and perhaps even identify vulnerabilities before a breach takes place.

This is where penetration testing comes in. It’s essentially a controlled form of hacking in which a professional tester, working on behalf of an organization, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.

Penetration testing


IT Governance offers fixed-price and custom CREST-accredited penetration tests, and all our tests are followed by reports that rank and rate vulnerabilities in your systems.

Find out about our penetration testing services >>

No Responses