Since the year 2000, a number of data exfiltration efforts severely damaged the consumer confidence, corporate valuation, and intellectual property of businesses and national security of governments across the world.
If the attacker has or can easily gain physical or privileged remote access to the server containing the data they wish to exfiltrate, their chances of success are much better than otherwise.
For example, it would be relatively easy for a system administrator to plant, and in turn, execute malware that transmits data to an external command and control server without getting caught.
For example, Cross Site Scripting (XSS) can be used to exploit vulnerabilities in web applications to provide a malicious actor with sensitive data.
Preventive measures include the implementation and maintenance of access controls, deception techniques, and encryption of data in process, in transit, and at rest.