79% of respondents said that they had been victims of malware that evaded their AV measures. How? Automated, point-and-click obfuscation technology for virus creators is a big part of it. And the 10 million new malware examples McAfee sees every year are only the tip of the iceberg these days.
A best-case evaluation of "vulnerability assessment tools" says that they find only 20-30% of flaws, and that real-world tests would probably be worse.
92% of information losses involve databases, yet very little budget is spent on DBMS security. Even better, 70% of respondents said they were assessing database security, but 64% of those same respondents said they didn't know how they were doing so.
For the mainstream press, it's pretty remarkable to see an article suggesting that most of the security industry is a sham, peddling outdated products that cost a lot, add lots of overhead, and accomplish nothing of value.