Most companies are very good at protecting data that they know about and consider sensitive – they restrict access to the HR systems where compensation data is available. They put access controls and monitoring procedures on systems that store critical intellectual property like formulas or key financial analytics.
Typically, they have formal policies and associated technology deployments and procedures to protect sensitive data.
When someone downloads that data from a secure environment into an Excel spreadsheet or a thumb drive, all the controls are gone.
Technology can’t solve this – this is human problem. It can only reasonably be addressed through appropriate use policies and extensive and ongoing user awareness training. Employees need to understand DON’T TAKE SENSITIVE DATA OUT OF ITS CONTROLLED ENVIRONMENT!
The CIA has plenty of technology and many smart people, but it couldn’t prevent Edward Snowden.