That's a bit strange... 8gb seems like a lot to fill up. Content Security Reporter should be able to run reports based on the actions taken by the user to help explain where the quota went. It does this based on the block reasons put into the log files.
Volume quotes work based on IP or user information (assuming you're authenticating). If you're performing authentication this should be less likley but perhaps the rules apply to a wider variety of sites than you intended, which causes them to always hit the volume quota --- though 8gb seems like a lot.
If you were not authenticating, then is it possible that you have a NAT where users all seem to come from the same IP? Therefore the volume quota applies to a network of users rather than a single one?
As far as bumping a quota, its not possible to add more unless you add it to the configuration.
We are authenticating users and we apply the quota based on user information. I'll try the CSR reports to see where exactly it's all going. Will also check my rules once more. Thank you.