Typically upper management echelons are largely to blame for these breaches. As a previous commenter noted, IT budgets have been repeatedly slashed. Combine that with a perception of IT not adding to the bottom line (i.e. cost center only) and a (faulty) risk analysis that it is cheaper to deal with the results of a breach than to try to prevent one, and you wind up with an infrastructure that just can't meet the security needed to remain secure against most threats.
Posts by Merodach
6 publicly visible posts • joined 14 Oct 2010
Insurer tells hospitals: You let hackers in, we're not bailing you out
WHOOPSIE! Vast US health insurer CareFirst plundered of 1.1 MEELLION records
Thursday 21st May 2015 14:25 GMT
Once again.......
A company takes the low road, and instead of securing the data properly merely offers credit monitoring.
Here's an idea to end this:
1] Require, by law, not just monitoring but the full cost of credit repair and restoration be borne, primarily by the executives of the breached company.
2] Fine the company 10x that cost, with all money to be directly distributed (NO LAWYERS!) to the victims of the breach.