Data Exfiltration
We've curated 16 cybersecurity statistics about data exfiltration to help you understand how unauthorized data transfers are becoming a critical risk for organizations in 2025, highlighting techniques used by cybercriminals and the defensive measures being implemented.
Data exfiltration occurred in 96% of ransomware attacks in Q1 2026.
The average volume of data stolen per undisclosed ransomware incident was 743 GB in Q1 2026.
In 35% of cases where data exfiltration occurred, the malicious insider absconded with data through multiple paths such as a combination of email and cloud or USB storage device and cloud.
The quickest data exfiltration attack in 2025 took just 6 minutes versus over 4 hours in 2024.
In one intrusion, data exfiltration began within four minutes of initial access.
73% worry unauthorized AI use is creating invisible data exfiltration paths.
In the fastest cases, attackers moved from initial access to data exfiltration in 72 minutes, four times faster than the previous year.
96% of all disclosed ransomware cases involved data exfiltration in Q3 2025.
Ransomware group Radiant claimed to have exfiltrated data on over 8,000 children across Kido International's UK sites.
Ransomware group Radiant published profiles of ten children following a ransomware attack on Kido International.
Ransomware group Radiant threatened to release full profiles of 30 children following a ransomware attack on Kido International.
Ransomware group Radiant threatened to release data for 100 employees following a ransomware attack on Kido International.
Across 449 dark web victim listings where details were available, the average data volume exfiltrated was 527.65 GB in Q3 2025.
The INC ransomware group exfiltrated 5.7 TB of data from the Pennsylvania Office of Attorney General.
Data exfiltration attempts were only stopped 3% of the time in 2025. This is down from 9% in 2024, representing a 3x decrease.
Attackers can exfiltrate sensitive data in as little as 6 seconds in API attacks.