Why?
If your starting point is that systems are inherently insecure, then unless you can prove otherwise (think about it), it's a valid assertion.
So the focus should be on ensuring data breaches can't be of use to hackers. Encryption at rest seems a good start.
Otherwise you are just aping the moronic HMG "can't happen here" stance. Which is scary.