Advances in attack technologies and strategies allowed hackers to spend an average of 205 days in victims' systems in 2014, according to researchers at FireEye.
The figure was revealed in the security firm's latest M-trends report, which argues that the situation is down to poor cyber security at most companies.
The research showed that only 31 percent of organisations were able to discover breaches using their own resources, a decrease on the 33 percent self-discovery rate in 2013.
FireEye CTO Greg Day told V3 that the success of the attacks is the result of an evolution in the threat landscape.
"A few years ago a breach was typically a hacker or an automated attack through a single binary," he said.
"Todays breaches are a blend of social engineering, unique automated attacks made up of numerous components delivered over time, and differing communications and hacking skills to spread laterally and exfiltrate data."
Day cited an increase in the volume of attacks targeting companies as another factor in allowing the hackers to remain undetected for such a long time.
"Consider that a typical company today gets over 10,000 events per month, of which over 50 percent are false positives. Some 40 percent-plus of companies are manually analysing this. Then consider that you need to be able to join the dots between multiple alerts to see the attack," he said.
"It's easy to see how we miss the infiltration. Increasingly we see that, once access has been gained, the malware part on which we so heavily focus our defences is removed before detection can occur.
"In today's modern IT world most companies' ability to see subtle changes such as new genuine accounts being created or existing ones being misused goes unnoticed."
Day highlighted advances in attackers' social engineering strategies as evidence of his claim.
FireEye reported that 78 percent of the known phishing schemes it tracks use messages masquerading as alerts from a company's IT department.
The tactic is the same used by several recently discovered high-profile attacks, including the Carbanak cyber bank raid.
Despite the negative news, the hackers' 205-day dwell time statistic is a decrease on 2013 when the figure was 229 days.
FireEye is one of many companies warning that hackers are developing sophisticated new strategies and technologies to evade detection.
Darktrace director of technology Dave Palmer revealed during an interview with V3 in January that hackers successfully breached an unnamed financial service and stole data for six months before being discovered.
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend