> 1. Low-level employees typically don't have access to sensitive information.

You would think, but when I was interning (well, it was a paid internship) for a company, I was fixing an excel spreadsheet with payroll information for an entire department of a few hundred people. Not the best piece of "opsec", but when you are in a hurry (pay was due in a couple of days) and most people are on vacations "hey the junior kid can probably fix it, he seems fine" is a way too common approach. And it is fine - sometimes for a long time. Until it isn't.

Yeah I recall being a new hire at a defense contractor, getting a login, and accidentally opening an excel sheet with a ton of management user names and logins. People are sloppy.