Most companies take over six months to detect data breaches

New research suggests the average financial or commercial business face multiple attacks per month -- and it takes months for data breaches to be detected.
Written by Charlie Osborne, Contributing Writer

Financial firms take an average of 98 days to detect a data breach and retailers can take up to 197 days, according to new research.

A new cybersecurity report conducted by the Ponemon Institute on behalf of Arbor Networks suggests it is not only cyberattack events which place sensitive data and corporate networks at risk. Instead, the time it takes for businesses to detect a data breach once it occurs gives threat actors plenty of time to conduct surveillance, steal data and spy upon victim companies -- pushing up the cost of cyberattacks.

According to a survey of 844 IT and IT security practitioners in the financial sector across the US and 14 countries within the EMEA region and 675 IT professionals in the same countries within the retail sector, both industries are struggling to cope with today's threat landscape.

Once a data breach occurs, it takes an average of 98 days for financial services companies to detect intrusion on their networks and 197 days in retail. Despite these long periods of time, known as "dwell" time, 58 percent of those surveyed who work in finance -- and 71 percent of those in retail -- said they are "not optimistic" about their firms' ability to improve these results in the coming year.

The research says that on average, 83 percent of financial companies suffer over 50 attacks per month, as do 44 percent of retail firms. The high rate of attacks is not surprising considering the valuable data stored by these industries -- ranging from trade secrets to sensitive customer data. If accessed, this data can be sold on the black market for high prices.

See also: Diving into the Dark Web: Where does your stolen data go?

Among financial services firms, 71 percent of respondents view technology that monitor networks and traffic as the "most promising" method of stopping or minimizing advanced persistent threats (APTs). In total, 45 percent of those surveyed said they have implemented incident response procedures, and 43 percent have begun sharing data on APTs -- a facet often ignored in cybersecurity as companies can be unwilling to admit they have suffered a data breach.

Among retail firms, 64 percent said network-based technology is the best way to cope with APTs, 34 percent have implemented incident response procedures and 17 percent have established threat sharing with other companies or government bodies.

"The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

"The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable."

Read on: In the world of security

Editorial standards