Mean Time to Detect (MTTD)

Mean Time to Detect (MTTD) is a security metric that measures the average time it takes for your organization to discover a security incident or breach after it occurs. A lower MTTD means you find breaches faster, reducing the time attackers have to operate in your environment and limiting the potential damage.

Industry studies consistently show that organizations with longer detection times suffer significantly more damage — attackers use the extra time to move laterally, escalate privileges, and exfiltrate more data. Reducing MTTD through improved monitoring, better alerting, and proactive threat hunting is a key security improvement goal.

Why It Matters

While CMMC doesn't specify MTTD targets, the continuous monitoring and audit requirements exist to reduce detection time. Tracking MTTD helps you measure whether your monitoring investments are actually improving your ability to catch incidents quickly.