Report reveals impact of GDPR on breach detection rates in EMEA
- Published: Monday, 02 March 2020 09:15
FireEye, Inc., has published the FireEye Mandiant M-Trends 2020 report, which shares statistics and insights gleaned from FireEye Mandiant investigations around the globe in 2019. The report highlights that GDPR seems to have had a positive impact on security breach detection.
The M-Trends report found that median dwell time in EMEA, defined as the duration between the start of a cyber intrusion and its identification, has fallen from 177 days in last year’s report to 54 days this time, a significant decrease of 70 percent. FireEye Mandiant consultants believe that the high dwell time in the previous two years was due to long-standing compromises being disclosed by organizations because of the implementation of GDPR. EMEA dwell time is now in line with global figures, which suggests an improved security posture in the wake of GDPR coming into effect.
There was also a marked decrease in the global median dwell time, which was recorded as 56 days: 28 percent lower than the 78-day median observed in the last report. FireEye Mandiant consultants attribute this trend to organizations improving their detection programs, as well as changes in attacker behaviors such as the continued rise in disruptive attacks (e.g. ransomware and cryptocurrency miners) which often have shorter dwell times than other attack types.
Global internal and external detection times have also fallen:
- Median dwell time for organizations that learned of their incident from an external party stands at 141 days, a 23 percent decrease since the previous M-Trends report (184 days).
- Median dwell time for organizations that self-detected their incident stands at 30 days, a 40 percent decrease year over year (50.5 days).
While internal dwell time saw the greatest level of improvement, 12 percent of investigations still have dwell times of greater than 700 days.
Internal detection reaches a four-year low
Although the dwell time for intrusions identified internally by organizations has gone down, the overall percentage of security incidents that were self-detected, rather than reported by external sources, has also fallen. There has been a 12-percentage-point decrease in the proportion of compromises detected internally, year over year. This comes after a steady increase in internal detections since 2011.
2019 is the first time in four years in which external notifications, when an outside entity informs an organization that it has been compromised, exceeded internal detections.
This shift is potentially due to a variety of factors, such as increases in law enforcement and cyber security vendor notifications, changes in public disclosure norms, and compliance changes. FireEye Mandiant feels it is unlikely that organizations’ ability to detect intrusions deteriorated, as other metrics show continued improvements in organizational detections and response.