Internet intelligence firm Renesys has identified a new breed of“Man-in-the-Middle” (MITM) cyber attacks in which data is beingvolleyed across the world by hackers in quick, quiet and largelyundetected operations.

The routes can span a global scale. MITM hijacks are notobvious, where they damage data hemorrhages or blocks, but ratherare a subtle anaesthetized bloodletting: it is now possibleto siphon internet traffic miles from its intended course, copy ordistort it, and circulate it back to its intended location in oneheartbeat.

“Data goes where the Internet takes it; it's not a choice ofdirecting its course along the way,” says James Cowie, founder andchief technical officer of Renesys. “But you can observe it.”

In monitoring MITM attacks occurring across the world in 2013,Renesys observed more than 60 hijacks by November, with about 1,500individual IP addresses affected across 150 cities. The victims arefinancial institutions, Internet Service Providers and worldgovernments.

The unknown hackers rely on established Internet ServiceProvider (ISP) systems to manipulate data paths. In one case studyfrom August, information sent from an office in Denver to anotherlocation in the same city was handed off to a provider in London,where it was diverted to Iceland, sent to Montreal, then toChicago, New York and several U.S. cities before landing inDenver—milliseconds later.

“People used to transmit private, dedicated communication forimportant traffic via an intra-office line, but now enterprises areusing the Internet,” says Cowie. “They assume that data passingfrom one city branch to another goes through a direct line, but onthe Internet, the path it takes depends on hidden variablesproviders don't see.”

An MITM scheme's geography may be intricate, but its executionis literally grabbing chunks of random, unencrypted data (“Whateveris being transmitted” from a location at that time, according toCowie) and snooping through it to find something interesting forhackers to use.

Whether employee or customer data, medical information, SocialSecurity numbers—“just the fact that it may have been looked at” isenough to create legal problems for an entity, says Tim Francis,vice president of portfolio management at Travelers Bond &Financial Products.

Nearly all states now require companies to notify potentialvictims of a data breach, which will often involve customers acrossseveral states and incur notification costs and credit monitoring,which can be covered by a cyber policy. However, says Francis, thegreatest cost of data breach is uninsurable, which is “never havingcustomers do business with you again”.

The way companies respond to and learn from a breach determinesits fallout as much as prevention, which is a great creativechallenge to businesses around the world in the absence of widerregulation.

The U.S. Department of State's International Traffic in ArmsRegulations (ITAR) requires all manufacturers, vendors andexporters of defense-related technical data and services toregister with the Directorate of Defense Trade Controls (DDTC). Butwhen a financial company's data is leaked, it is our defenses thatcome down.

“No organizations can be completely self-sufficient in cybersecurity in 2014,” says Jacob Rosengarten, executive vice presidentand chief enterprise risk officer of XL Group. “It will take apartnership with specialized companies, whether hiring companies toattack you to see where your weaknesses are, to creating industryassociations [surrounding cyber risk].”

For now, the Internet is a poorly-understood system wheretraffic travels murky and undetermined paths.

“We can't all afford to become experts in the Internet, but ifwe all pay a little more attention we will all benefit, just likewe all benefit from better prices and choices when a market is moretransparent,” says Cowie.