LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

According to recent breach research, roughly how long does it take on average to identify and contain a data breach, and why does that "dwell time" matter?

It took an average of about 241 days — roughly nine months — to identify and contain a breach, and even longer (around 276 days) to resolve breaches in hybrid environments.

This long "dwell time" is the window in which an attacker is inside but undetected, quietly stealing data, moving laterally, and pre-positioning ransomware. WHY it matters: cost scales with dwell time — the longer the detection-and-containment gap, the more data is lost and the more expensive the recovery. It is why investment in detection (monitoring, XDR, a Security Operations Centre) often beats spending only on prevention: you cannot stop every intrusion, but shrinking those nine months dramatically cuts the damage.

From Quiz: ISM / Threat & Impact Modelling | Updated: Jun 20, 2026