Protection from Authorized Users

Looking for some advice..... I'm in the spot of having a Sr VP demand that we prevent data exfiltration from authorized users. The problem is that this isn't the normal "we saw you trying to download 3TB of engineering data and that doesn't match your usage pattern" The demand more like "these people are touching this data every day to do their jobs, but I want your system to just know when they are suddenly going to do something nefarious and stop