[BreachExchange] It takes 69 days to discover breaches

[Audrey McNeil]

b
http://www.businessinsurance.com/article/20160330/NEWS06/160339968/cleveland-based-baker-hostetler-l-l-p-reports-that-it-takes-69-days


It takes an average of 69 days for firms to discover they have been the
victims of a data security incident and another seven days to achieve the
problem's containment, says a law firm, in a survey issued Wednesday.

Cleveland-based Baker & Hostetler L.L.P. based its report on the more than
300 incidents it helped manage in 2015, according to its report. Among
other findings, there was an average 40-day period between discovery and
notification of those impacted by the incident and an average of 43 days
between the engagement of forensics and completion of the forensic
investigation.

The report found that just 52% of security breaches were self-detected, and
in the remaining 48% of the time, the firm was notified of the problem by a
third party.

A total of 23% of the incidents were accounted for by health care. But
although incidents involving health care affected 340,000 people,
restaurants and hospitality firms, which accounted for just 9% of the data
incidents based on industry sector, affected the largest number of people,
at 2.2 million, according to the report.

A total of 31% of the incidents involved phishing, hacking or malware,
while 24% involved an employee action and/or mistake, according to the
report.

Cyber threats, along with regulatory change and scrutiny and economic
conditions, are among the top risks that concern executives, according to a
separate survey released last week.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160330/0f38755e/attachment.html>