Exploitation
It's too much hassle to exploit in real-world scenarios given the slow rate of exfiltration and that the code to abuse spec-ex is non-trivial (bar Meltdown, perhaps), and that there was an immense amount of engineering work poured into closing the side channels (or attempting to).
Thus, if you're an exploit developer, you'll probably go back to attacking bugs in the Windows kernel or tricking people into running email attachments as administrator - it's far easier.
That isn't to say it's been a complete waste of time. If Meltdown, and the Spectre variants that can be exploited via a browser or virtual machine, hadn't been addressed, I think there would have been shenanigans by now.
I think, perhaps, it's a case of this: if nothing was done, someone would find a way to leak stuff from browsers or virtual machines at least; and if mitigations are in place, no exploitation happens, and people wonder what all the fuss was about.
One thing it's done is highlight the semiconductor world's rush to put speed over security, and also the holes in Intel's SGX.
C.