Cyber dwell time is the length of time from a breach occurring until the time of its discovery and remediation. The initial breach and early stages of lateral movement within the network is what gives an attacker the opportunity to obtain legitimate credentials.
The longer an attacker remains in your network, the higher the risk for damage. It’s that simple. Other cybersecurity metrics such as the number of attacks stopped, the ability to recognize attack techniques of certain attackers, or even attribution, are all secondary.
Visibility and breach containment - stopping lateral movement and the breach from “calling home” – are, ultimately, the only thing that will minimize the impact of the attack by preventing the attackers from stealing your data.