Kaspersky Lab: More than half of critical cyber incidents remain undetected for over 90 days

According to Kaspersky Lab data, organizations in 2025 struggled with slow detection of cyber threats. An analysis based on the Kaspersky Compromise Assessment service showed that in 31% of cases, malicious activity went unnoticed for more than three months. Meanwhile, 52% of highly critical incidents were detected only after 90 days, and one compromise remained hidden for four years.

The main reasons for this delay are a reactive approach to security, insufficient monitoring, and operational gaps. Experts note an excessive reliance on automated protection systems, which missed 60% of threats due to a lack of reliable alerts. One in five incidents was found manually, which underscores the importance of the human factor and the need to adapt monitoring tools. In addition, 40% of detected web shells were found in backups, which created a risk of re-compromise.

Internal problems also reduce response effectiveness. In 32% of cases, the response process was hampered by communication failures, such as ambiguous confirmation of actions or loss of knowledge due to staff turnover.

Companies face not only external risks but also hidden threats within their infrastructure, and signs of compromise are not always obvious. Conducting security audits increases the likelihood of detecting a breach.
Viktor Sergeev, Head of Incident Response Team, Kaspersky Lab.