"Breaches are up despite the fact that the percentage of businesses that encrypt laptop computers, databases, and back-up tapes--all places where sensitive data are kept--increased about 10 percentage points over the last year, according to a survey of corporate security executives by PricewaterhouseCoopers"
It goes on to add:
"The survey numbers underscore how technology can get a business only so far. Real security is a result of people understanding the nature of the threat and acting responsibly. Unfortunately, most people seem to be tuning out security news."
In my opinion, the major issue is not the lack of awareness, but the fact that the majority of existing market solutions cannot prevent data breaches and are not able to protect against web application attacks or data theft from a database. There is a reason that the PCI council mandates firewalls and antivirus and web application firewalls and data access control and activity monitoring and strong encryption...
Morgan Stanley's report explains the transition in the security market that is leading to an increased focus on the data:
Security is finally starting to get it - the reluctance to target data-centric solutions has been shaken with obvious needs highlighted by unrelenting data loss. But as has been the case throughout the industry's history, private companies are leading the charge and public companies are rapidly (if not rabidly) consuming these more appealing solutions.
The diagram below illustrates the shift within the security market. Some solutions are becoming widely deployed; however, the risk landscape is changing. The focus is on the application data, not the worm, virus or a script kiddie's attack.
Some security vendors still don't have the necessary solutions. In the spirit of the upcoming election, the people do not need gimmicks, they need solutions.
image source: http://www.infosec-technologies.com/PDFs/State%20Of%20Security%20031507.pdf