Your Business Data Is Disappearing: You Might Not Even Realize It

Computer systems remain at risk of cyberattacks. — Image © Tim Sandle

Organizations that believe their data is secure because of investments in firewalls, encryption, and endpoint detection may need to reassess their security measures. The current cybersecurity landscape is no longer solely focused on preventing intrusions; rather, the emphasis has shifted to understanding what data is leaving a network after a breach has occurred.

A Surge in Data Exfiltration

Insights from BlackFog’s recent report indicate that data exfiltration is now prevalent in nearly all cyberattacks. In the first quarter of 2025, a staggering 95% of all publicly disclosed ransomware incidents involved the unlawful extraction of data. The situation is compounded by a 113% year-on-year increase in undisclosed cyber incidents.

Within the UK, the financial ramifications of cyber incidents are significant, with British businesses suffering approximately £44 billion in losses over the past five years due to cyberattacks.

Such alarming statistics call for more than mere compliance checks; they demand thorough visibility into the actions taking place within a network after a perimeter breach.

The Limitations of Traditional Security Measures

While penetration tests and vulnerability assessments remain valuable, they only highlight weak points in an organization’s defenses without revealing potential ongoing data theft. The challenge extends beyond identifying vulnerabilities; it includes detecting insider threats and external breaches that could compromise sensitive information.

Critical Questions to Consider

Organizations must ask pivotal questions. Firstly, what data is actually leaving your network, beyond what current policies permit? Identifying unauthorized transfers is essential for understanding the full extent of risk. Secondly, who might be behind these data leaks? This could range from a well-meaning employee misconfiguring services to malicious external actors.

Additionally, it is vital to determine how long such activities have gone undetected, as many breaches can involve extended “dwell times.” Understanding the potential consequences of data exposure—financial penalties, regulatory repercussions, and damaged reputations—should drive the urgency to gain actionable insights rather than relying solely on standard reports.

As highlighted by Dominic Ryles, Security Director at Hammer Distribution, organizations can gain valuable insights from comprehensive assessments, which reveal where sensitive data is actually being sent outside the organization’s established infrastructure. Such assessments can also help quantify the risks of both insider exploitation and external breaches while providing actionable remediation plans.

In an environment where adversaries are constantly evolving and are capable of bypassing encryption and other protective measures, visibility becomes a company’s most potent asset. Ryles emphasizes the importance of understanding data flows in ways that traditional solutions cannot provide.

Consequences of Inaction

Ryles envisions a scenario where an organization, confident in its audits and security measures, overlooks potential threats. An attacker or an insider could be quietly extracting intellectual property or customer data for weeks or even months without detection. Once the breach is exposed—whether through blackmail, leaked data, or regulatory scrutiny—the organization may struggle to assess the extent of the damage, resulting in significant downstream consequences.

Potential ramifications include regulatory fallout, especially under frameworks like GDPR; reputational damage that can erode trust among partners and clients; and extensive operational costs associated with investigation and remediation. Litigation could also follow, and the average cost of data exfiltration extortion is escalating, surpassing $5.2 million per incident.

This presents not only an IT risk but also a strategic business risk that requires immediate attention.

A Call to Business Leaders

Ryles urges executives, board members, CIOs, and CISOs to reflect on their organization’s practices. Have they reviewed all outbound data flows, including atypical channels, recently? How confident are they that no data is exiting their networks unmonitored? What steps are in place to enhance visibility, allowing for proactive prevention of data exfiltration?

To initiate improvements, leaders should engage their cybersecurity or cloud teams about conducting a Data Exfiltration Assessment. Such an assessment could uncover critical insights that may ultimately protect assets far more valuable than any direct financial loss.
