Over at the
Verizon Security Blog, I just published a new post:
Incident Discovery and Containment : Average is Over. In it I explain a little bit about discovery and containment times of incidents and breaches in the DBIR. One big caveat, this isn't just criminal orgs installing malware or nation-state espionage. They also include common mistakes and misuse. (For example, if you just look at Cyber-Espionage pattern breaches, you find that the median days to discovery is 120 days.)