2021.10.07

Incidents that took more than “90 days” to be discovered increased to over 60% of the total! Survey report [2021 edition] on the number of days from the occurrence of a cyber attack to its discovery and disclosure announced

Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter referred to as "our company") is publishing a research report on the period from the occurrence of a cyber attack to its discovery and publication, based on more than 1,000 cases of personal information leaks related to unauthorized access in Japan that were announced by companies and organizations from September 1, 2020 to August 31, 2021.

■ Although the time until an attack was discovered shortened somewhat, attacks still remained unnoticed for nearly a year

We conducted a survey of more than 1,000 cases of personal information leaks at domestic corporations and organizations announced between September 1, 2020 and August 31, 2021 (hereinafter referred to as the "2021 Survey"). According to the survey, it took an average of 349 days from the "date of occurrence" of the cyberattack to the "date of discovery" when the attack was noticed. This is 34 days shorter than the average number of days from the date of occurrence to the date of discovery in Japan found in the survey our company conducted in August 2020 (the 2020 survey), which covered the period from January 2019 to July 2020.
In addition, it took an average of 82 days from the “discovery date” to the “publication date” when the damage was announced, which is 13 days shorter than the 2020 survey. We found that, although the time from the occurrence of an attack to its discovery has shortened somewhat, corporations and organizations have not noticed the damage caused by cyberattacks for nearly a year, and the time taken from discovery to disclosure has increased.

■ More than 60% of cases took more than “90 days” until the attack was discovered, an increase of 10 points from the 2020 survey

When the time required from “occurrence” to “discovery” of the incidents during the survey period is categorized as “less than 30 days”, “more than 30 days and less than 90 days”, “more than 90 days and less than 180 days”, and “more than 180 days and within 1 year”, more than 60% of all cases required “more than 90 days” from occurrence to discovery. This is an increase of nearly 10 points compared to the 2020 survey (over 90 days: 51.7%). In addition, “within 30 days” decreased by 11.9 points, and “over a year” increased by 7.7 points (Table 1). One possible reason why it is taking time to discover attacks is that companies moving online due to the COVID-19 pandemic have not developed a mechanism to detect attacks and have not built a regular security check system.

■ The number of incidents that take more than “90 days” to become public after noticing the damage has increased

When the time from the “date of discovery” to the “date of publication” is categorized, 34.3% of the cases required “more than 90 days” from discovery to publication, an increase of 3.5 points compared to the 2020 survey (Table 2). Before disclosure, it is necessary to identify the cause of the damage and the extent of the impact, and to notify and explain to stakeholders. It is possible that the time to disclosure is getting longer because of insufficient human resources on the company side and poor communication and cooperation. In addition, the revised Personal Information Protection Law, which will be fully enforced by April 2022, will add obligations for business operators, such as notifying the person in question and reporting to the Personal Information Protection Commission, so this is expected to increase further.

■ Comment from Yoji Watanabe, Representative Director, CTO
In this survey, the percentage of incidents that took a long time to be discovered has increased, with about 30% of all cases requiring more than a year from attack to discovery. As the digitization of companies advances, the opportunities for cyber-attack damage are increasing, and cyber-attacks are becoming more sophisticated and diverse year by year. For this reason, it is thought that there is an increasing trend in the number of cases in which the damage is finally noticed a long time after an attack occurs. Furthermore, once an attack is allowed, it is difficult to notice the situation until the damage is done. In order to prevent such a situation from occurring, it is important not to treat the damage of cyber attacks as a fire on the other side of the river, but to regularly check the vulnerabilities of your company's website and create a mechanism that can prevent attacks, and it is believed that building an internal system that can quickly detect attacks will become even more important.

<Survey overview>
-Survey period: September 1, 2020 to August 31, 2021
-Survey target: Main personal information leakage incidents with a scale of damage of 1,000 or more related to unauthorized access in corporations and organizations, announced during the above period (87 cases)
-Research method: Cyber Security Cloud research

[About Cyber Security Cloud, Inc.]
Company name: Cyber Security Cloud, Inc.
Location: VORT Ebisu maxim 3F, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/