I think it was worth it because even though we were a small boring company we received a fair share of drag-net style malware via the application channels.
Some of the attempts were pretty good also. I used to joke that the bad guys tailor their cover letters better than most real applicants. Which of course is a bit of a hyperbole, but there is a kernel of truth. It's not too hard to write a believable application letter that fits the archetypal IT position. Similar to not all fishing mails being full of spelling errors malicious application letters aren't either.
I don't know if we ever received a targeted attack, but I wouldn't know. I think bigger companies certainly will and I can only consider every HR department a high risk area.