Sensitive data should be hard to steal in bulk.*
Put the data warehouse behind a slow-speed link - one that's just fast enough for normal, expected traffic. "Slow speed link" may vary by time-of-day or other circumstances.
The goal is that if there's a big rush of traffic, requests will get queued or dropped and someone will notice and be able to hit the "emergency stop" button.
Sensitive data that will never be needed "in real time" should be stored in a system that can only be accessed by a few people (or robots serving the same purpose) who have the job of taking requests, copying the data to temporary storage, then moving the temporary storage to someplace where the person who needs it can get to it. Think of it as a cache with a 5-minute loading time.
If industry does this, some things will be less convenient and more expensive to run, but the risks of large-scale, hit-and-run data thefts will go way down. This won't fix small-scale thefts or slowly-drain-the-data-warehouse attacks, but it will help.
* Sensitive data should be hard to steal, period, but that may be too much to ask.