The Cyber Security Breach Life-Cycle

When it comes to Cyber Security, most companies unfortunately remain oblivious to, or ignorant of, the threats they face on a day-to-day basis. This document explains the typical cyber security breach lifecycle, what the implications are, and what you can do about it.

1 You get breached. Typically this occurs when a staff member clicks on something they shouldn’t, because they aren’t trained in how to identify and respond to IT security threats. The exposed information may be a single account password, or an email address and password. At this stage, it is likely that nothing will happen.
2 The breached information turns up for sale on the “Dark Web” in a sheet. This is a hidden part of the Internet where significant illegal activity takes place. Essentially a “seed” has now been sown, and the intention of cyber criminals on the dark web is to grow this into a “tree” of information.
3 The information is researched further and added to. It is sold again for slightly more money. This cycle continues, each time building out a bit more of the “tree” of information. This tree, while initially starting with your company information, can build out to encompass information about staff and their personal lives, and other companies you deal with.
4 At some point after the initial breach (it may be 6 months or a couple of years), there will be sufficient information in your sheet for a cyber criminal to decide to purchase it with the intention of hitting all the identified breach points. They can do things like:

• Infiltrate other systems in your network.
• Install a crypto locker to lock you out of all your files, and demand a ransom.
• Breach an employee’s personal computer, find browser activity, and threaten to send details of website visits to a family member.
• Use a compromised email account to socially engineer companies you deal with, such as sending them false invoices.
5 Now a serious breach has occurred. It typically takes just over 6 months for an organisation to find that breach. In this time, significant damage can be done as cyber criminals infiltrate other systems in your network.
6 The breach must now be resolved. That means expensive cyber security expertise is engaged for remediation. Finding and removing infected files and code is a difficult and time-consuming process. The breach point must also be found and fixed, or staff must be trained in cyber security awareness.
7 Staff downtime costs are on average 3.4 times the breach resolution costs. And while there is downtime, existing customers may not be serviced, so some will find new suppliers.
8 If applicable, the breach must now be reported to the OAIC, and to every customer who is likely to incur “serious harm” from their information being lost. This is a time-consuming and expensive process that translates into a loss of reputation, and further customer loss as you are no longer trusted to safely store their information.
9 From a major breach, 60% of companies will be out of business in 6 months or less.


It’s no longer a matter of “if” a breach will happen, but “when”, “how bad”, and “how often”, and it often starts with a seed of information on the Dark Web from a minor breach. These 4 key activities will make a massive difference to your cyber security risk:

  • Cyber Security Awareness Training – Train your staff in how to identify and respond to IT security threats.
  • Cultural Change – Embed cyber security into your culture to keep it front of mind for all staff, every day.
  • Dark Web Monitoring – Find your information on the dark web to know you have been breached, and fix it early.
  • Cyber Security Framework – Ensure you implement a cyber security framework (e.g. Essential 8, CIS, NIST, ISO27001).
