Abstract: data breaches cause significant financial losses every year and have become a major concern for businesses. To mitigate the damage caused by a data breach, a key concept of the data breach lifecycle that involves three components, the occurrence of a breach, the time to detect the breach, and the time to report the breach, has to be well understood. In this talk, we initialize the statistical modeling of the data breach lifecycle via a self-exciting marked point process. The proposed model accommodates the heterogeneity between hacking and non-hacking events, and the dependence between two marks-the time to detect the breach and the time to report the breach-is modeled via a copula approach. The missing and censoring mechanisms are taken into account in the modeling process as well. Empirical studies show that the proposed approach has satisfactory fitting and predictive performance.