If firms believe their data is safe because they have invested in firewalls, encryption and endpoint detection, they may need to think again. Today’s threat landscape is no longer about whether an IT department can block intruders on their way in. Instead, it is about what is leaving a network after the breach.
The Rising Tide of Exfiltration
According to BlackFog’s latest report, data exfiltration is now almost universal among cyberattacks. In the first quarter of 2025, 95% of all publicly disclosed ransomware attacks involved data exfiltration. Even more alarming: the number of undisclosed incidents has surged by 113% year-on-year.
Meanwhile, in the UK, cyber incidents continue to cost companies dearly: over the past five years, British businesses have lost around £44 billion to cyberattacks.
These figures demand more than cursory compliance check boxes. They demand deep visibility, especially into what happens after your perimeter is breached.
Why Traditional Security Isn’t Enough
Penetration tests and vulnerability scans still have a place. But they only tell you where your armour is weak; they don’t show you whether someone is quietly draining data from the business.
What You Might Not Be Asking (But Should Be)
- What is really leaving your network? Not just what your policies allow, but what your attackers are managing to get out.
- Who could be the insider or external actor siphoning data? Could it be a well-intentioned employee misconfiguring services, or something far more sinister?
- How long has it been going on? Many breaches involve “dwell time” of months before detection.
- What would happen if that data got published (or sold)? Financial penalties, regulatory fines, reputational damage, not to mention long-term trust erosion.
Firms need actionable insights, not just reports. Governance structures need to know where, when, how much, and who, then fix it.
Example remediation
An example, provided to Digital Journal, comes from Hammer Distribution, which has a cybersecurity offering with a dedicated team and enhanced vendor partnerships. According to an assessment from Dominic Ryles, Security Director at Hammer, this form of assessment enables business leaders to:
- Discover where your sensitive data is really going, beyond your known infrastructure
- Quantify the risk of exfiltration — whether from insider misuse or external breach
- Receive an actionable remediation plan, so you’re not just exposed, you’re empowered
In a world where attackers can bypass encryption, VPN, and even endpoint protection, visibility is any firm’s strongest weapon. Ryles says:
“See your data in a way your incumbent solutions never could.”
What Happens If You Don’t Act?
Ryles says “imagine this scenario”…
“You believe you’re protected. You’ve passed your audits. But behind the scenes, an attacker, or insider misconfiguration, is quietly siphoning IP or customer data into an external cloud or third-party service. The breach remains dormant for weeks or months.”
He adds: “When it finally surfaces, perhaps through a blackmail demand, leaked customer data, or compliance investigation, you realise you didn’t know what you’d lost, you can’t trace the damage’s origin quickly, and the downstream impact is enormous:
- Regulatory fallout (GDPR / industry regulator)
- Reputational damage that destroys trust with partners or clients
- Operational cost to investigate, remediate, notify, and defend
- Possibly even litigation or class-action consequences
And to put a figure on it: the average cost of data-exfiltration extortion is now more than $5.2 million per incident.”
Ryles concludes: “That’s not just IT risk. It’s strategic business risk.”
A Call to Leaders
Ryles’s final piece of advice looks to the top floor: “If you’re a C-suite executive, board member, CIO or CISO, or if you work in compliance, risk or operations, ask yourself:
- When did you last see all outbound flows, including “shadow” or unusual channels?
- How confident are you that nothing is leaving your network without your knowledge?
- What is your plan to get visibility, not only to detect exfiltration after the fact, but to prevent it proactively?
- What is your timeline for moving from suspicion to clarity, and from clarity to remediation?
If you’d like a starting point, speak to your cybersecurity or cloud team about arranging a Data Exfiltration Assessment. It might reveal more than you expect, and ultimately, save you far more than you can afford to lose.”
