The Impact of Dwell Time

Dwell time, also known as the breach detection gap, can be the most important determinant of the impact your company will experience from a cyberattack. What is dwell time, or the breach detection gap? In simple terms, both describe the amount of time between a system breach and the moment the attack is discovered.

A decade ago, cyberattacks were similar to “smash and grab” assaults on retail stores.  Criminals would break in through brute force, attempt to get as much as they could, and get out before law enforcement arrived.

Today, cybercriminals have changed their strategy to be as stealthy as possible so as not to draw attention to their breach.  When this is successful, the attackers can do reconnaissance over time to find the most valuable assets in the network and devise strategies to obtain those assets without being detected.  By being able to dwell on systems, they can find ways to escalate their credentials to get even more valuable assets, and they often leave a backdoor access point so they can return later.

Studies vary, but it is widely reported that in the United States the average dwell time is over 197 days [1] before enterprise security teams detect a threat on their system, with an average of 69 days to contain the threat and return the network to normal.  Dwell times thrive in companies that are cybersecurity resource-poor.  For some small- and mid-sized businesses, dwell times can be more than 800 days [2].

What makes this situation so frustrating is that it’s nearly impossible for security analysts to manually prioritize and sift through vast amounts of log data to find a security breach.  Without a SIEM (Security Incident and Event Management) tool and the skills to use it, small and mid-sized companies are at a profound disadvantage in their attempts to remain uncompromised.

While it’s true that the longer the dwell time is, the greater the impact on a business, the reverse is also true.  A research report by the Aberdeen Group [3] showed that decreasing dwell time to 30 days reduced impact by 23 percent.  When dwell time was only seven days, the effect was reduced by 77 percent, and taking dwell time down to one day resulted in a 96 percent reduction in business impact.

Reducing Dwell Time

So, how should a security team reduce dwell time?  It sounds simple, but start with good underlying security, including regular patching and security updates, two-factor authentication for system logins, and restricted admin access. These efforts make it more difficult for a hacker to access the system, which increases the likelihood that they will look for an easier target.

Beyond that, hardening your infrastructure using tools like encryption, intrusion detection, unified threat management devices, and 24x7x365 monitoring of your networks, servers, and endpoint devices makes you less vulnerable to attacks.

While these steps may not deter an advanced attacker, they will help to reduce the amount of network traffic “noise” that can come from unskilled attackers and automated scans.  The key is to be able to spot anomalies, and if there is less noise on your system, you’ll be better able to pick out the network spikes and other indicators of an attack.
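The effect of background noise on spotting a spike can be shown with a small added example (not from the original article). It applies a median/MAD outlier score, chosen here as an assumption, to two constructed 24-hour series of outbound connection counts that contain the same hypothetical attacker activity; all names and values are illustrative.

```python
from statistics import median

# Constructed sample data: hourly outbound connection counts for one host.
QUIET = [40, 42, 38, 41, 39, 43, 40, 37, 44, 41, 39, 42,
         40, 38, 43, 41, 39, 40, 42, 38, 41, 40, 39, 42]
# Constructed background noise (automated scans, unskilled probing).
NOISE = [5, 120, 30, 0, 85, 10, 150, 20, 60, 0, 95, 15,
         40, 130, 5, 70, 25, 110, 10, 0, 90, 35, 140, 55]
ATTACK_HOUR, ATTACK_EXTRA = 18, 60  # hypothetical intruder activity


def build_series(noisy):
    """Return 24 hourly counts that contain the same attacker activity."""
    series = [q + (n if noisy else 0) for q, n in zip(QUIET, NOISE)]
    series[ATTACK_HOUR] += ATTACK_EXTRA
    return series


def robust_scores(counts):
    """Score each hour by its distance from the median, in MAD units."""
    med = median(counts)
    mad = median([abs(c - med) for c in counts])
    scale = 1.4826 * mad or 1.0  # fall back to 1.0 for a perfectly flat series
    return [(c - med) / scale for c in counts]


def flag_spikes(counts, threshold=3.5):
    """Return the hours whose score exceeds the alert threshold."""
    return [h for h, z in enumerate(robust_scores(counts)) if z > threshold]


if __name__ == "__main__":
    for label, noisy in (("low-noise network", False), ("noisy network", True)):
        counts = build_series(noisy)
        score = robust_scores(counts)[ATTACK_HOUR]
        print(f"{label}: attack-hour score {score:.2f}, "
              f"flagged hours {flag_spikes(counts)}")
```

On the low-noise series the attack hour is the only one flagged; on the noisy series the same extra traffic scores well below the threshold and no hour is flagged.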

Finally, having a well-thought-out Incident Response Plan can reduce the amount of time and effort required to recover from a breach.  When everyone who has a role in resolving an attack has a clear plan of action, dwell time and the impacts of a breach will shrink.

The challenge of taking all these steps, of course, includes the cost of advanced cybersecurity tools and the skills shortage in the industry today.  SilverSky can help with both issues.  Our trusted, experienced cybersecurity experts are here to provide you with the services you need to keep your company safe in an uncertain world.


1 Ponemon Institute Identifies High Average Dwell Times for Financial and Retail Businesses.

2 Infocyte, Mid-market Threat and Incident Response Report

3 Aberdeen, Cybersecurity: For Defenders It’s About Time
