
Statistically inevitable
Any organisation that goes beyond a very small, trusted circle will (eventually) have bad actors in it and therefore needs to prepare for and defend against this.
Anyone working in a cyber security environment will tell you it is not a question of 'if', but 'when' a system is successfully compromised.