by Joseph Howard

As security threats increase and hackers are getting better, an organization must have the correct procedures in place to diagnose a security breach. This is called response time. How fast can an organization find out there has been a breach, what steps can they take to resolve this threat, and how can they mitigate the damage? In all of these factors speed is critical. This topic is interesting because cyber breaches are happening more often and the response time can have a huge impact of how the organization fares in the future.


Average cyber incident response timeline in the United States in 2019 – This graph [above] gives a good idea of how fast response times are in the United States when a breach occurs. Occurrence to discovery is when the incident happened. Discovery to containment is when the organization finally found out about the breach. Forensic investigation is when they found out about who was responsible. Discovery to notification is when the initial notification was released.


This statistic [above] presents the most common types of investigation conducted after a cyber intrusion incident in the United States in 2018. During the measured period, the most frequently used tool was log review with a 50 percent usage rate. Malware analysis was used in 15 percent of investigations.


As you can see this graph [above] provides what types of average costs are from different categories in 2018, which are: business disruption, information loss, equipment damages, and revenue loss. During the survey period it was found that business disruption accumulated an average 5.9 million U.S. dollars in annual damages from a targeted cyber attack on a business.


As we’ve seen in large data breaches recently covered by the media, the issue of timing can have wide impacts on your internal process, whether you are compliant with applicable regulations and public perception.

“They have a 1–10– 60 challenge for responding to cyber intrusions: 1 minute to detect it, 10 minutes to understand it, and 1 hour to contain it.” -Dimitri Alperovitch, of CrowdStrike


“Organizations must have a Recovery Time Objective as well as a Recovery Point Objective” -Ramsés Gallego, ISACA, 19th Nov 2018


This statistic [above] shows the estimated damage a successful cyber attack will cost a U.S. business. In 2015, the maximum total annualized cost of cyber crime committed against U.S. companies amounted to 65.05 million U.S. dollars. You can see that from 2015 to 2015 there was a price cost increase for every category. It is getting more expensive by the year for cyber crime.


I searched topics and data surrounding the response time of cyber security. I looked at how companies respond and I used data to interpret in what time frame a data breech might occur. I also searched for data that was associated with the cost of a cyber security breach. I used graphs to show costs related to cybercrime in the United States as well as Japan.

Security breaches happen. They way an organization goes about having a plan to resolve the threat and protect the consumers it the most important part. This could be a make or break for an organization. Having a well-mapped plan to act as fast as possible to mitigate any damage will go a long way in letting the consumers and public know that the organization is well equipped to mitigate damage and protect the consumers and public. Not having the right plan in place could, in the worst scenario, cause the collapse of the whole organization. As you can tell, response time is paramount during a security breach.




Johnson, Joseph. “U.S. Cyber Incident Response Lifecycle 2019.” Statista, 25 Jan. 2021, 

Sher-Jan, Mahmood. “From Incident to Discovery to Breach Notification: Average Time Frames.” From Incident to Discovery to Breach Notification: Average Time Frames, International Association of Privacy Professionals, 6 May 2020,

Costs Of Cyber Attacks on Businesses Worldwide 2018 Joseph Johnson -

U.s. Financial Damage Caused By Cyber Attacks 2015 Joseph Johnson -