M Trends 2023 Mandiant


In 2022, Mandiant observed a general increase in the number of organizations that were alerted by an external entity of historic or ongoing compromise. Organizations were notified of breaches by external entities in 63% of incidents. This continues the trend observed in 2021 and brings the global detection rates closer to what defenders experienced in 2014. The increase in external notification observed in 2022 is likely impacted by Mandiant’s investigative support of cyber threat activity which targeted Ukraine and an increase in proactive notification efforts. Proactive notifications from security partners enable organizations to launch response efforts more effectively. Analysis of Mandiant’s efforts in Ukraine is highlighted in The Invasion of Ukraine: Cyber Operations During Wartime.

Historically, Mandiant has observed relatively stable detection rates for organizations headquartered in the Americas. However, in 2022, organizations were notified by an external entity in 55% of incidents, compared to 40% of incidents last year. This is the highest percentage of external notifications the Americas has seen over the past six years. While organizations in the Americas continue to improve detection capabilities, external notifications from trusted security partners remain the primary way organizations are made aware of incidents.

internal entities. However, over the past six years, Mandiant has observed a trend towards greater external notifications in the APAC region. This year’s 9-percentage point increase in internal detections when compared to 2021 demonstrates the strong variability Mandiant has observed in detection source in the APAC region.

Organizations in Europe, the Middle East and Africa (EMEA) were alerted of an intrusion by an external entity in 74% of investigations in 2022 compared to 62% in 2021. This marked increase in external notifications could be explained by Mandiant’s investigative support to Ukraine and is likely an outlier from the general trend. Mandiant continues to see a shift to more external notifications in the EMEA region over the past six years; however, because of extenuating circumstances in 2022, this trend may stabilize in the future.

