In an article published last month by Computer Economics (link here) more than half of midsize and large organizations and over 35% of small organizations experienced unauthorized disclosure of confidential information at least once in the 2009-10 timeframe.  This disclosure was due to malicious insiders accessing unauthorized company information (as opposed to users who did so with no ill intent).

Not only was there a high percentage of these incidents, but among CIOs that had not yet suffered such an incident, a majority did not rate such events as requiring high level of concern. 

This data was based upon a survey performed by CSO Magazine, and co-sponsored by the Secret Service, Deloitte, and Carnegie-Mellon (link here).