I think the thing that I really care about when i hear a company I use, or I'm looking to, has a data breach is how much that put into mitigating that breach. If a company that i used was breached because of poor workmanship or standards (open to injection, website has a default Admin password, etc) I'm going to very quickly move away from that company. On the other hand, a company might make a huge amount of effort to stop a breach, and yet they suffer one. I'm far less inclined to stop using the services of that company then if I know that they made a large amount of effort to stop it happening in the first place.

You're not wrong, every company is going to suffer a breach at some time (it might be large, it might be small). Even something as simple as sending a letter to the wrong customer is considered a breach. The important part, in my opinion, is how that company handles said breach and what actions they took to stop it from happening in the first place. Those that can''t evidence or don't practice good data security aren't only going to suffer a breach, but they're going to suffer them multiple times and that's going to be when their reputation is really going to plummet.