Hindsight is wonderul.
There is a dynamic balance between security and usability. While not a zero sum game, extreme security definitely interferes with usability and high usability defintely conflicts with security.
It is a mistake to think of this, esepcially internal attacks, as a technology problem. As long as there have been organizations, business, political, military, it is always the internal that is the biggest threat. It's a social engineering problem, and the model to look at is perhaps banking, where the risk of theft and embezzlement have been dealt with for centuries are virtually mappable to data security. Similar cultures and patterns of auditing need to be applied to data as to cash.
Note also that despite centuries of work, theft and embezzlement have NOT been eliminated, just managed.
-- FORTRAN manual for Xerox Computers --