How Many Times Do We Have To See The Same Breach At Different Companies?

from here

Sometimes it seems like the biggest problem in infosec is the belief that it won't happen to your organization. What else would cause people to not take obvious countermeasures after the same kind of attack is used over and over and over again?