The Impact of Dwell Time

The Impact of Dwell Time

by Kyle Benson, Product Marketing Manager

Dwell time, also known as breach detection gap, can be the most important determinant of the impact your company will experience from a cyberattack. What is dwell time or breach detection gap? In simple terms, they represent the amount of time between a system breach, and when an attack is discovered.

A decade ago, cyberattacks were similar to “smash and grab” assaults on retail stores.  Criminals would break in through brute force, attempt to get as much as they could, and get out before law enforcement arrived.

Today, cybercriminals have changed their strategy to be as stealthy as possible so as not to draw attention to their breach.  When this is successful, the attackers can do reconnaissance overtime to find the most valuable assets in the network and devise strategies to obtain those assets without being detected.  By being able to dwell on systems, they can find ways to escalate their credentials to get even more valuable assets, and they often leave a backdoor access point so they can return later.

Studies vary, but it is widely reported that the average number of days of dwell time is over 197 days1 in the United States before enterprise security teams detect a threat on their system and an average of 69 days to contain the threat and return the network to normal.  Dwell times thrive in companies that are cybersecurity resource-poor.  For some small- and mid-sized businesses, dwell times can be more than 800 days2.

What makes this situation so frustrating is that it’s nearly impossible for security analysts to manually prioritize and sift through vast amounts of log data to find a security breach.  Without a SIEM (Security Incident and Event Management) tool and the skills to use it, small and mid-sized companies are at a profound disadvantage in their attempts to remain uncompromised.

While it’s true that the longer the dwell time is, the greater the impact on a business, the reverse is also true.  A research report by the Aberdeen Group3 showed that decreasing dwell time to 30 days reduced impact by 23 percent.  When dwell time was only seven days, the effect was reduced by 77 percent, and taking dwell time down to one day resulted in a 96 percent reduction in business impact.

Reducing Dwell Time

So, how should a security team reduce dwell time?  It sounds simple but start with good underlying security including regular patching and security updates, two-factor authentication for system logins, and restricting admin access. These efforts make it more difficult for a hacker to access the system, which increases the likelihood that they will look for an easier target.

Beyond that, hardening your infrastructure using tools like encryption, intrusion detection, unified threat management devices, and 24x7x365 monitoring of your networks, servers, and endpoint devices make you less vulnerable to attacks.

While these steps may not deter an advanced attacker, it will help to reduce the amount of network traffic “noise” that can come from unskilled attackers and automated scans.  The key is to be able to spot anomalies, and if there is less noise on your system, you’ll be better able to pick out the network spikes and other indicators of an attack.

Finally, having a well-thought-out Incident Response Plan can reduce the amount of time and effort required to recover from a breach.  When everyone that has a role in resolving an attack has a clear plan of action, dwell time, and the impacts of a breach will shrink.

The challenge of taking all these steps, of course, includes the cost of advanced cybersecurity tools and the skills shortage in the industry today.  SilverSky can help with both issues.  Our trusted, experienced cybersecurity experts are here to provide you with the services you need to keep your company safe in an uncertain world.


1 Ponemon Institute Identifies High Average Dwell Times for Financial and Retail Businesses.

2 Infocyte, Mid-market Threat and Incident Response Report

3 Aberdeen, Cybersecurity: For Defenders It’s About Time



Managed Detection & Response

Comprehensive solutions to detect, prioritize, and address security incidents.

Managed Security Services

24 X 7 X 365 monitoring, management, and system maintenance.

Email Protection Suite

Monitor and manage your email environment with advanced email security and compliance protections.

Cloud Email & Collaboration

Cloud office productivity enhanced with proven security and compliance protection.

How does SilverSky's integrated stack of solutions meet your needs?

Compliance & Risk Services

Assess your program and controls, benchmark and identify areas for improvement. Develop your security roadmap for investment and improvements. Effectively measure ROI and impact on your security posture

Incident Response Readiness

Incident Response Plan Development / Review. Incident Response Readiness Review. Emergency Incident Response.

Discuss your compliance, risk management and incident response readiness needs.

Schedule Free 1-on-1 Consultation

Financial Services

1,500+ small & mid-sized financial institutions rely on SilverSky to meet and exceed FFEIC, GLBA and PCI DSS requirements and overall cybersecurity needs.


Hundreds of small & mid-sized healthcare organizations rely on SilverSky to address HIPAA and other regulatory requirements and serve overall cybersecurity needs.


Small and mid-sized retail organizations count on SilverSky to maintain PCI DSS requirements, secure customer data and reduce cybersecurity threats.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.


White papers, guides, tools, on-demand webinars, case studies and more. Explore a range of topics. 



Product Sheets

SilverSky product and services information at your fingertips. Product data sheets, compliance matrixes, & brochures.

How Exposed Are You?

Take the test to see how your security program compares with other businesses like yours.

About Us

Did you know that SilverSky enjoys a 97% customer satisfaction rating and a 87.5% customer retention rate from thousands of small and mid-sized companies?

Looking to strengthen your cybersecurity?

Become A Partner

Partner with SilverSky to tap into the approaching $300 billion+ cybersecurity market.

Talk to one of our partner managers and consider expanding your cybersecurity offerings.

Schedule Partner Exploration Discussion