Cyber for Plan Sponsors

Average Time Taken to Identify and Contain a Data Breach


According to a survey by the Ponemon Institute of 477 companies that experienced a data breach in 2018, the average number of days to even identify a data breach could be as high as 221 days and up to another 81 days to contain the breach, depending on the root cause.

Days it takes to identify and then contain a breach can vary depending on the root cause, however. A malicious or criminal attack averages 221 days to identify and another 81 to contain. Human error takes a comparably short 174 days to identify on average and another 57 to contain. System glitches take 174 to identify, and another 60 to contain.

With that large a length of time required to identify and contain a cyber attack, it becomes paramount for a company to establish a plan of response and investigation into a data breach. That could be the difference from a maintained and cratered reputation once a breach is discovered. Click here to learn more about breach identification and containment averages.

Where can I purchase cyber liability insurance for my company and employee benefit plan that includes a dedicated team helping with investigation and breach response?

Colonial Surety offers cyber liability insurance with our ERISA fidelity bond packages with fiduciary liability insurance to best protect your plan against a cyber attack.

Colonial’s cyber insurance provides a services-based solution to help plan sponsors manage data breaches successfully. These services include a dedicated team of cyber breach professionals who assist plan sponsors at every stage of incident investigation and breach response. These professionals coordinate the carefully vetted forensics experts and specialized lawyers to help plan sponsors establish what’s been compromised; assess plan sponsor responsibility; and, notify those individuals affected. In addition, these services will also coordinate credit or identity monitoring, and PR advice to help the plan sponsor safeguard its reputation. Of course, Colonial’s cyber insurance also indemnifies and defends plan sponsors from covered lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response, but can never be completely eliminated.

Ongoing governance and evaluation of recordkeepers can help protect data, but the only way to fully protect against a potential cyber attack’s data breach is to purchase cyber liability insurance from Colonial Surety Company.