[hudsonjr]

#3 is big as I'm not a security or IT person, but have had a big burden placed on me with regard to security. The biggest factor is work that was once done by internal employees in trusted areas is now outsourcers and contractors, sometimes from low pay higher corruption areas.

There's a constant fight of giving and removing access from an army of people. Additionally, there are often efforts to push these higher risk people into more confidential areas because the push to cut costs. Make one exception and then a "but this person has access" is sure to follow.