Printed from

It takes 69 days to discover breaches

Posted On: Mar. 30, 2016 12:00 AM CST

It takes 69 days to discover breaches

It takes an average of 69 days for firms to discover they have been the victims of a data security incident and another seven days to achieve the problem's containment, says a law firm, in a survey issued Wednesday.

Cleveland-based Baker & Hostetler L.L.P. based its report on the more than 300 incidents it helped manage in 2015, according to its report. Among other findings, there was an average 40-day period between discovery and notification of those impacted by the incident and an average of 43 days between the engagement of forensics and completion of the forensic investigation.

The report found that just 52% of security breaches were self-detected, and in the remaining 48% of the time, the firm was notified of the problem by a third party.

A total of 23% of the incidents were accounted for by health care. But although incidents involving health care affected 340,000 people, restaurants and hospitality firms, which accounted for just 9% of the data incidents based on industry sector, affected the largest number of people, at 2.2 million, according to the report.

A total of 31% of the incidents involved phishing, hacking or malware, while 24% involved an employee action and/or mistake, according to the report.

Cyber threats, along with regulatory change and scrutiny and economic conditions, are among the top risks that concern executives, according to a separate survey released last week.