How long does it take to detect a cyber attack?

Cyber attacks are an increasingly serious risk for organizations, but many senior staff seem to believe that their organization won’t be targeted. They might say that their organization is too small to be on attackers’ radars, or that they don’t have anything worth attacking, but the truth is that cyber criminals are indiscriminate in their attacks and can almost always find something worth stealing.

A lot of companies that say they won’t be targeted will have already been breached – they just don’t know it yet. And as the Ponemon 2017 Cost of a Data Breach Study shows, the longer it takes to detect a breach, the more expensive it will be.

Detecting and containing breaches

The study found that US companies took an average of 206 days to detect a data breach. This is a slight increase on the previous year (201 days).

Ponemon suggests all organizations should aim to identify a breach within 100 days. The average cost of identifying a breach within this time was $5.99 million, but for breaches that took longer to identify, the average cost rose to $8.70 million.

There is a similar correlation in terms of containing a breach. Breaches that took less than 30 days to contain had an average cost of $5.87 million, but this rose to $8.83 million for breaches that took longer to contain.

The good news is that organizations have become significantly better at containing breaches, with the average time dropping from 70 days in 2016 to 55 days.

How are compromises detected?

The majority of breached organizations are notified by someone other than their own staff, according to Mandiant’s M-Trends 2017 report. It found that 53% of breaches were discovered by an external source.

The most common external source for identifying data breaches is law enforcement.

Data breaches are almost always contained sooner if they’re detected by an organization’s own staff. By conducting routine assessments of potential vulnerabilities in your organization, you can avoid having to rely on external sources, save money, mitigate the damage of breaches, and perhaps even identify vulnerabilities before a breach takes place.

This is where penetration testing comes in. It’s essentially a controlled form of hacking in which a professional tester, working on behalf of an organization, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.


IT Governance offers fixed-price and custom CREST-accredited penetration tests, and all our tests are followed by reports that rank and rate vulnerabilities in your systems.

Find out about our penetration testing services >>

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *