They all do, and in most of them there are obvious errors in processes or rights assignments. It is pretty rare to come across a company that takes the threat from within serious. That's the whole reason Snowden could do what he did and if the NSA gets it wrong then there is a fair chance that your average corporation has faults as well.