Two recent surveys, one by IBM and the Ponemon Institute showing that the average total cost of a data breach is $3.86 million, and the second by Marsh & McLennan Agency revealing that most organizations do not know how to measure the cyber risk they face, seem to demonstrate a collective corporate sense of false security in an organization’s ability to handle a cyber incident. Seventy-eight percent of respondents to the MMA survey were fairly to highly confident their organization would be able to manage and respond to a cyber attack, but the IBM/Ponemon survey found it takes almost six months to identify an incident. The Cybersecurity Law Report takes a closer look at the results of these surveys and what they reveal about risk awareness and, perhaps, a certain measure of corporate torpor in addressing the likelihood of a data breach. See “Pillars of Effective Breach Detection, Response and Remediation” (Apr. 25, 2018).