Data leaks are not new to the information security industry. Awareness of malicious insiders trying to steal data has been always there. Much before ransomware, famous cases of insiders stealing the information, including from the government agencies, and then, certain outlets channelizing the leaked information have happened. Along with those, data leak prevention solutions have also been around. But ransomware driven data exfiltration and double extortions have forced organizations to rethink their approach. Besides this, organizations have been forced to validate the nature and granularity of the data loss, or theft, by regulation changes and to cross check the scope of the data loss to verify the accuracy of threat from an attack. However, the current approach to user monitoring is limited in scope while also missing the element of accountability. User data interaction monitoring considerations reach far beyond behavior analysis and response.