Espionage is real and happens far more then it is reported, partly because companies don’t want to report such a thing. It can damage a companies reputation and in some of the other cases they have no idea what has even happened.
Would you know if there is malicious software running in your network?
Creating something that will not be detected by AV is pretty simple, and what about the C&C and data channel?
What about skype? or maybe an ad hosted on a legit site? what if it only looks while a logged on user is surfing? could you see it then?
This stuff can get nasty, then start throwing SSL in the mix and watch your IDS signatures work.