Organizations that achieve an optimal average time to detect a breach tend to have invested in a dedicated chief information security officer (CISO) as well as comprehensive security training for employees.
This should be part of a larger strategy, whereby your organization develops a clear understanding of its cyber security risk profile, including any key vulnerabilities or touch points that could be susceptible to an attack. Working with a third party to conduct an assessment can help ensure nothing gets missed here.
Once the assessment is completed, you should communicate the potential consequences of a data breach to your organization's leadership. That will ensure there's understanding about the relationship between strong cyber defenses and key business outcomes.
From there, your organization should establish security policies that support a goal of a shorter average time to detect a cyber attack and MTTR. This in turn will inform a proactive incident response plan, including the technologies needed to detect incidents early on, who should receive alerts and how resolution should be pursued.
These details will lead to security training that's relevant and actionable for all employees, many of whom could be on the front lines when a cyber attack takes place.