What Is The Average Time To Detect Data Breaches And How To Reduce It?

What Is The Average Time To Detect Data Breaches And How To Reduce It

On this information superhighway we’re on, data has become one of the most sought after and valuable assets. Whether it’s consumer data, intellectual property, critical IT or financial data – a company’s fortune often hinges on their ability to keep that data safe and confidential. That all starts with cyber incident response measures. The proliferation of threats and TTPs (tactics, techniques, and procedures) mean it’s inevitable that even the most secure system will be breached. When that happens, fast detection and reaction times are the best hope of mitigating the damage. As the numbers show, the need for incident response frameworks is critical. Let’s have a look on what the average time to detect data breaches is.


If you learned that adversaries got hold of the data you are protecting, may it be customer, proprietary, or other sensitive information, you should contact LIFARS immediately.


How long does it take to detect a security breach?

Research suggests that most companies still have a long way to go to improve their detection rates. A report by IBM found that the average time to detect and contain a data breach is 280 days.

The longer a breach goes unaddressed, the more data gets leaked and the larger the overall impact – financial and otherwise. The same report found that by containing a breach in under 200 days, you can save $1 million in costs. Every day that you detect the breach sooner, will have a tangible effect on damage mitigation.

Most breaches also go unnoticed and don’t raise any alarms until the damage they cause becomes visible with time.

There are three main reasons for this:

  • attacks are becoming more sophisticated, especially in APT (advanced persistent threat) techniques.
  • hundreds of millions of new malware are created every year which won’t be detected by conventional signature-based antivirus software.
  • the expanding IoT (Internet of Things) means the average company has many more endpoints that serve as potential attack vectors.

How can response times be reduced?

Clearly, companies need to step up to the plate and introduce concrete measures that reduce their detection and response times. Literally hundreds of millions of dollars are on the line, never mind the knock-on effect on customers and data privacy.

  • Have an incident response (IR) plan: It all starts with a plan. Incident response should be treated holistically and not just as an IT issue. If you have no systems in place, or you feel you are lacking, an incident response readiness assessment is a good starting point. Each of the following guidelines can be incorporated in stages until you have a complete IR solution.
  • Invest in security automation: Automated security systems have the greatest potential to reduce the cost of security breaches. IBM estimates potential savings at $3.58 million.
  • Take IR seriously: A dedicated Incident Response team with a focus on preparedness and IR testing is the second most effective solution. IBM estimates a dedicated IR team can save up to $2 million in data breach costs. LIFARS has its own IR team – LISIRT.
  • Company-wide security training and awareness: All employees must be aware of the potential threats, telltale signs of IoC’s, and channels for reporting incidents. Education and training are key with updates as the situation evolves. Leaked credentials are still a major source of breaches and individual security protocols should be addressed as well.


In a world where there always seems to be a new cyber threat on the horizon, businesses are already playing catchup. The best time to start is today. By assessing current readiness, drafting an IR strategy, and adopting it as a core business operation you can have effective incident response security.