Detection time of data breaches

Abstract

Recent security reports point to an alarming increase in the number and frequency of data breach attacks against organizations worldwide. With the rise of data breaches, how quickly a firm detects a breach determines the extent of the incident impact on the business and its customers. Although prior studies have focused on several important factors that deal with the functions of detection, prevention and prediction of breach incidents, these studies have overlooked the time factor of breach detection. This research seeks to fulfill the lack of research and attempts to explore the factors that affect detection time of data breaches. Using survival analysis, we examine 696 publicly reported breaches between 2010 and 2017 and measure the impact of threat actors, attack types, affected confidentiality data, affected assets, and industries on breach detection time. Findings show that the time to detect data breaches caused by privilege misuse is 2.5 times slower, followed by 1.4 times for breaches that target servers. On the other hand, data breaches that involve payment card skimmers are 79% faster to detect. To gain further insight into these factors that slow down detection time, we perform subgroup analyses. Findings show that data breaches involving privilege misuse through LAN access are 2.2 times slower to detect. Furthermore, data breaches targeting servers are 5.7 times slower to detect in the accommodation industry, followed by 2.8 times in the administrative industry, and 2.4 times in the healthcare industry.