Know of various companies that have lost data. And I know more who turn a blind eye to everything because it will never happen/we trust are staff/etc

Best one I have heard is third party suppliers saying its not their responsibility to secure the database. Yet it is their code, their security, their incompetence that allows are one to hack the system. Pity the Information Commissioner in the UK doesn't give any guidance on this.