In the past 12 months, 65% of organizations have suffered a SQL injection attack. It took them close to 140 days to realize they had been hit. The Ponemon Institute report says it took 68 days for victim organizations to recover and clean up after discovering they had suffered a attack. The report, was commissioned by DB Networks, is based on responses from 595 IT security professionals in the US. More than half say they have or will begin to swap their signature-based security with behavioral analysis-based tools in the next 24 months.”]
Source: https://www.darkreading.com/application-security/sql-injection-cleanup-takes-two-months-or-more