
Disclosure lag worsens across 1,000 data breaches
Troy Hunt’s review of 1,000 breaches shows the average time to public disclosure is climbing, forcing security teams to rethink response and compliance processes.
Troy Hunt examined 1,000 publicly disclosed data breaches and found the average disclosure lag has risen since his earlier surveys [Troy Hunt's blog]. The median lag, which tracks the middle point of all incidents, has risen in step with the average, indicating that longer delays are becoming the norm rather than outliers.
Findings
- Longer detection‑to‑disclosure windows – The gap between breach detection and public announcement now stretches well beyond the industry‑recommended 30‑day window.
- Compliance pressure – Regulations such as the GDPR and state‑level privacy laws already penalize late reporting; the growing lag puts organizations at higher risk of fines.
- Operational impact – Delayed disclosure hampers coordinated incident response, giving attackers more time to exploit compromised data.
Why it matters
The upward trend forces security engineers to prioritize faster detection, automated evidence collection, and pre‑approved communication templates. Reducing lag not only curbs regulatory exposure but also limits the window for attackers to leverage stolen information. Hunt’s data suggest that organizations that have invested in real‑time monitoring and breach‑response playbooks consistently report shorter lag times.
Implications for security teams
- Invest in automation – Automated alerts and data‑exfiltration detection can shave days off the detection‑to‑disclosure timeline.
- Standardize reporting – Pre‑drafted breach notices and clear escalation paths reduce the administrative overhead that often stalls public disclosure.
- Align with regulators – Mapping internal timelines to legal requirements ensures that compliance checks become part of the response workflow, not an afterthought.
By tightening these processes, teams can reverse the trend Hunt documents and bring disclosure times back within accepted industry benchmarks.


