A cybersecurity analyst is reviewing the organization's incident-response metrics for the last quarter. The analyst notices that the mean time to detect (MTTD) for security incidents has risen sharply compared with the previous quarter. Which of the following is the MOST likely reason for this increase in MTTD?
Regular system maintenance affecting system availability.
MTTD rises when there are gaps in visibility or monitoring coverage. If an organization lacks sufficient or well-integrated monitoring tools (for example, missing endpoint sensors or fragmented log collection), attacks can remain undetected longer, pushing the average detection time higher. Research on MTTD shows that fragmented tools or visibility gaps are a primary driver of higher MTTD. Temporary blind spots during patching or routine maintenance are usually short-lived and seldom shift a quarter-long average, and a spike in incident count only lengthens MTTD if it also overwhelms analysts or exhausts monitoring capacity. Therefore, insufficient monitoring capability is the most direct and common cause of a sustained increase in MTTD.