Average Days to Identify and Contain Data Breach

Average Days to Identify and Contain Data Breach
Average Days to Identify and Contain Data Breach

Proof Point

Ponemon study found organizations take nearly seven months on average to detect data breach and more than two months to contain it

Average Days to Identify and Contain Data Breach

2016 – 2017 (number)

Note: Data based on Ponemon Institute’s 2017 Cost of Data Breach Study that included more than 1,900 individuals from 419 organizations in 11 countries and two regions

Proof Point Findings

  • Data Breach – Event where records containing personal, medical, and financial information of customers have been lost or stolen due to malicious activity, system glitch, or human error
  • Better Detection – Organizations included in Ponemon study take almost seven months to detect data breaches, decreasing from 201 days on average in 2016 to 191 in 2017
  • Faster Containment – Respondents take more than two months to resolve data breaches and restore service, with average time improving to 66 days in 2017 from 70 days in 2016
  • External vs. Internal Threats – Average time to identify and contain data breaches highest for malicious and criminal attacks (214 and 77 days), and lower for data breaches caused by human error (168 and 54 days)
  • Key Growth Drivers – Include increasing number and sophistication of global cyberattacks, growing volume of data and business processes migrated to cloud, and proliferation of advanced cybersecurity tools and practices, including artificial intelligence-based detection methods


Business Model and Practices

Business Model
and Practices




Date Last Updated

August 21, 2018

Leave a comment