If you want some stats on threats, check this out:

http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2003.pdf

It's the FBI Computer Crime survey for 2003. Maybe most people don't consider this a 'hack', but the insider threat is often greater (and potentially more devastating) than the outsider threat.

If you have a trusted user on your network he could exploit his access to get into places where he shouldn't be, he could download virus-ridden software to his local machine and pollute the network, he could walk off with hardware, etc. And most network-based IDS are focused on the outsider threat, not one from the inside. So, yeah, a lot of damage could be done with very little effort if your attacker is an insider.