We often think that the main danger to sensitive data is the hacker and the disgruntled, greedy employee. However, overall the greater danger comes from the lack of policies on the sensitivity of data and employees’ poor handling of data due to the absence of training on policies that do exist. The majority of top executives know what to say in public and how to deflect questions on sensitive issues, but lower level employees are much more likely not to understand the importance of their knowledge and talk publicly. People like to talk about their areas of expertise. For example, a scientist attends a conference of his/her peers and brags about an exciting discovery that is being incorporated into a new product.
Hackers do obtain access to company information and the extent of this problem is not known. However, I doubt that competitors have hired hackers to break into the vast majority of competitors, but I can guarantee that the vast majority of companies have at least one employee who will let some sensitive data slip.
How about the disgruntled, greedy employee? Most US firms will not get involved in buying stolen information and will turn in a thief who approaches them. Witness the Coke secretary who tried to sell secrets to Pepsi. Despite being fierce competitors, Pepsi contacted Coke and she is now serving a prison sentence.