Also... I can't think of any organization that actually needs several hundred services piped to each workstation... I'm trying really hard to think of what those would all even be...
Your lack of imagination does not negate the possibility.
Okay... let's say the company has 10 databases because they're too lazy to integrate them.
Why would they integrate them? What's the business advantage of doing so? Do you really think the suits are going to allow you to spend the time doing this when there's virtually no benefit, and it's much more important to fix the shade of red on the landing page?
Then let's say they need email? In my experience they tend to actually need a way of passing information around the organization rather than accepting and sending information out of it.
This is pure bullshit. Companies need to communicate just as much with the outside world as they need to with each other. Have you ever actually worked in a corporate network environment? Your 99% number is invented from whole cloth.
Then what else... a web browser with access to a finite and specific number of domains.
Who's going to manage that? What's keeping the end users from using another browser?
Anyway, I don't know why you'd need users to be able to access that many sites. At least not in a high security environment.
You're delusional. The suits are never going to stand for having to ask permission every time they need to go to a site not on the whitelist. You're better off using one of the filtering services that's out there (blacklist).
I'm pathological about controlling EVERYTHING. And I do.
And when someone with "Chief" at the start of their job title tells you that they control something, not you, what are you going to do? You can quit or be fired. No, you make the exception. I've worked at multiple Fortune 500 companies that allowed the C levels to do pretty much whatever the fuck they wanted... and one of them let the users do whatever the fuck they wanted, including porn. You can try to control everything, and you might succeed, but sooner or later someone with hire/fire over you will make you make an exception.
The likelihood of something people don't have any experience with falling to hackers is "less"...
Have you ever heard of a zero-day vulnerability?
It seems like most of your premise is that low security is the only way to go in unskilled environments where even the IT department doesn't understand their jobs. I suppose, but if your security department doesn't understand security then you don't have a security department. :D
IT incompetence is a thing to be sure. But, it's more likely that IT is only about 50% staffed for the workload they have, and also that they will not be allowed to implement security measures if the suits don't like it. Very often their hands are tied. Without executive buy-in, they're bullied into doing whatever the fuck the users want, security be damned.
I'd like to live in your world where you never run into idiots that have power over your policies and basically make it impossible to do your job sanely. "Do it or you're fired" is a thing.