Data theft can originate from inside or outside the organization. In the first case, the insider has typically access to a lot of systems and data sources. He or she can leak data during employment, or use storage devices to store data and get it outside the company premises.
Outsiders typically break in via the network and might steal information like intellectual property. Sometimes they will ask the victim to pay a ransom. Another option is selling data to competitors or the black market.