That is currently just over a month of downloading for our hacker friends - but we will be nice and say they only download data at night (aka, 1/3 the time). Also, a month is a very long time to be "on target" but download size is basically static over the years and the time is pressured down by increasing network speeds. If you are in the ever growing box-of-pain (see below) then every time you get hacked, your entire company's IP value walks out the door.
Everything in this graph is either my estimate or Crowdstrike's but just understand that as speeds go up, and corporate IP size remains static, the odds of any hacked company being completely downloaded before you catch the pesky hacker goes to 1.
Hackers or signals intelligence agencies deal with this question every day in a different form, because 99% of what you see on most networks is useless porn and Windows updates. You want to filter that out on-site and then only send back the good stuff. But as network speeds go up, and storage costs go down, it's often easier to download everything and sort through it later. This is of course similar to the problem a certain large SIGINT group reportedly had.
Following this curve is why I think the Endpoint Security people's 1/10/60 minute rule is ridiculous, and why humans in the loop for security response are also hilarious. Ask yourself, at what speed of network does your company enter the box of pain before 60 minutes is up?