Should not the companies want to be secure and there for invest in security? Is it not immature companies that does not?

To force companies to do things, like informing the public about these things would probably be very problematic to enforce. All thou it would be neat. Most companies would probably feel ashamed to go out with this information all thou there is nothing strange about getting hacked, it happens to a lot of companies. Thou some hacks are more humiliating than others.

Many companies, like banks, do get hacked and most people knows about this. They themselves however often calculates on it, how much it costs to fix the security compared to losing some information or money to the hacks of various sorts. If they however knew their IT it should not have to be all that expensive to secure but nothing is free and when you lack knowledge and it's a cost involved as well, I guess it's easier to push the investment in security aside or on the future...