My guest editorial is live on SQLServerCentral.com. My argument is a simple one: we don’t care about data and IT security. I don’t just mean IT folks. I mean most everybody. I include myself in this characterization. I know a few exceptions, but they are truly exceptions.
In the editorial I include links as to why I make such an assertion. The TD;DR version: despite repeated breaches, our behavior hasn’t changed. Therefore, while we say we care, what we put into practice shows that we don’t.