Why would a hacker pay someone to install malware versus hacking into Tesla directly?

Because the human factor remains the easiest path to gain access to places you're not invited.    

In this instance, had the employee taken the million dollars they would have have fallen into the witting and malicious category of insider:  "I know what I'm doing is going to harm my company".

In times of economic downturn or crisis the risk insiders pose goes up.  Insiders broadly fall into three categories:

1 - Witting and malicious:  They have a grudge or are fearful of losing their jobs and seek to increase their income/value recognising their actions could damage their company; 

2 - Witting and non-malicious:  They feel pressured and consciously circumvent controls in order to get the job done, but did not intend to damage their employer; and

3 - Non-witting and non-malicious:  The employee just didn't know what they were doing could cause harm to their organisation.

As the re-start gains momentum, organisations must consider how they respond to the threat of insiders.  A coalition of operations, legal and technology specialists are needed in order to prevent disruption or loss of IP.

Tools alone won't mitigate this risk - they might detect it, but by then it will be too late and your crown jewels might already be in the hands of someone else.