For an attacker with malicious intent, exfiltrated data is a highly precious resource. For instance, valuable data such as personal customer information or corporate financial details can be used directly to commit fraud or sell on to other criminals.
However, other confidential data such as trade secrets or other proprietary information may also be of use as part of corporate or even state-level espionage. In fact, there are even dedicated services such as Industrial Spy, which promotes itself as a marketplace where businesses can purchase their competitors’ data, looking to take advantage of this.
Another growing problem is the risk of cyber extortion, where hackers threaten to publicly release private data online. This is often part of a ransomware attack and can also be highly lucrative, as many firms may feel paying up will be cheaper in the long run than dealing with the repercussions of public data exposure.
Verizon’s 2023 Data Breach Investigations Report, for example, warned that the average cost of a ransomware attack has more than doubled over the last two years, with 95 percent of incidents that experienced a loss costing between $1 million and $2.25 million. Such incidents now represent a quarter of all data breaches.