The theoretical risk is great and that's enough for some companies to take it very seriously. But I haven't heard of it happening much in practice and it seems like flagrant GPL violation stories are a fairly regular occurrence.
I would assume that it also takes a certain scale to be able to manage things well in this regard. There's a nasty gap in between one person and ten people, made far worse if the company needs to hit a milestone yesterday or cease to exist.
I'm sure that these violations are 100x more common than they appear, and that most of the culprits go out of business for unrelated reasons before anyone notices. Even when stealing to get a head start, running a successful business is hard.