• Steve Jones - SSC Editor (11/11/2013)


    If people have the skills and knowledge, it becomes less of an issue because it doesn't really take longer to write the code well at the start.

    ... though many business people might prefer to roll the dice that their information will not be lost/copied.

    Clearly, many people do not yet have the skills and knowledge - gaining such does take time, money, and slows down projects, since they would "work" insecurely just as well as they "work" securely.

    That last comment is exactly on target, though - security comes in three basic flavors:

    1) (At some point in time) You lose your data and/or you lose your systems, you lose your customers, you lose your membership, and you go out of business.

    2) (At some point in time) You lose some of your data and/or you lose some of your systems, you lose some of your customers, you spend a lot on immediate remediation, and you suffer reduced business and/or increased cost of doing business.

    3) (At some point in time) You fail to lose some of your data and/or some of your systems.

    It's essentially the same set of arguments as dealing with natural disasters, fires, and so on, without the loss of life and usually without the physical destruction of property.