Some cybersecurity incidents are relatively easy to detect, such as a physical break-in, or equipment that is lost and reported by its owner. However, many cybercrimes go undetected for months, or even years. When they are finally detected, only half of all data breaches are discovered by the company that was attacked. The rest are found by someone outside the organization.
According to CSO Online, a recent survey by AT&T found that employees, law enforcement agencies, customers and service providers are frequently the first to detect a data breach. Here’s the breakdown of who discovers data breaches, as reported by AT&T:
- Employees: 50%
- Law enforcement: 25%
- Customers: 21%
- Service providers: 19%
Unfortunately, this trend is not new. We’ve seen it for many years. In 2015, research conducted by Intel found that in 80% of data breach cases, the crime was discovered by regulatory agencies, law enforcement, partners, and customers, not the organization that was breached.[i] In 2016, Verizon reported that 83% of companies that experienced a data breach learned about it from outside entities.[ii]
The Intel and Verizon reports also show that once an organization has been penetrated, data theft or other damage often takes place in a matter of minutes. Yet in most cases, a number of weeks to months went by before the incident was discovered. In some cases, it took nearly two years to detect the breach. That gives cybercriminals a long time to steal user records and intellectual property.
These statistics are both sobering and clear. Most organizations need a dramatically more efficient way to detect and mitigate cyber-attacks. Cybercrimes have become so complex that it’s difficult for even the most talented security professionals to spot them without help from the latest security tools.
Fortunately, rapid advancements in artificial intelligence (AI), machine learning (ML), and user and entity behavior analytics (UEBA) are helping organizations to quickly detect when they’ve been attacked, or even when an attack is mounting but hasn’t yet happened.
Organizations that deploy modern AI, ML, and UEBA technologies benefit from around-the-clock automated monitoring and analysis at a level that is impossible for human analysts to achieve. The best scenario occurs when those tools are tightly integrated or embedded within the organization’s existing security infrastructure.
[i] Grand Theft Data, 2015 Intel Security Data Exfiltration Study
[ii] Verizon 2016 Data Breach Investigations Report