2 Scenarios.

1) "Lost or stolen device". Can't the industry come up with some kind of key-pair solution for this, like they have / had in PGP ? The idea is that the mobile device can only be used in combinatin with registered hardware that holds part of the key combination. Surely something like this should be possible ?

2) "Bad people or people gone bad". The best solution for this is good HR (don't hire bad people) and good management (don't let people go bad). Take good care of your people and they'll take good care of you. Spend time with your employees, give them attention and LISTEN to them. Chances are you'll pick up signals of anger and / or frustrations in an early stage and you'll be able to do someting about it.

I think working on data security awareness and employee satisfaction is a far better investment than throwing more hardware and procedures at the problem.