Abstract

This qualitative study addresses a knowledge gap by examining why cybersecurity breach dwell times exceed 200 days. Dwell time, defined as the duration between the emergence of a cybersecurity threat and its detection, is the focal point of this investigation. With the insights uncovered, U.S. InfoSec professionals can develop strategies to shorten dwell times and mitigate the costs associated with security breaches. The overarching issue is the escalating cost of U.S. cybersecurity breaches, which surged by 10% annually, surpassing $9.48 million per breach in 2023. Dwell time, notably exceeding 200 days, is identified as a critical factor contributing to these costs, yet it remains poorly understood. This study employs a generic qualitative inquiry (GQI) methodology to explore perceptions surrounding dwell time and its impact on an organization's cybersecurity posture. The protection motivation theory (PMT) offers a suitable theoretical framework that aligns with threat and coping appraisals, making it pertinent to understanding and addressing cybersecurity breach dwell time. Through interviews with ten seasoned U.S. InfoSec professionals, this study sheds light on their perspectives regarding the duration between threat deployment and detection. Their insights provide a valuable understanding of the determinants of dwell time exceeding 200 days. The findings highlight the importance of proactive measures and timely detection in mitigating cybersecurity risks and enhancing organizational resilience against malicious cyber-attacks.

Details

Title: A Qualitative Study on the Reduction of Dwell Time Exceeding 200 Days
Author: Rahman, Abdul
Publication year: 2024
Publisher: ProQuest Dissertations & Theses
ISBN: 9798382819426
Source type: Dissertation or Thesis
Language of publication: English
ProQuest document ID: 3066786623
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.