Weeks after Google, a technology leader gets hacked by having ancient versions of IE 6 on their desktops, and you're asking why encryption isn't everywhere?
Same reason IPv6 isn't everywhere, VOIP isn't everywhere, the current spam-friendly email protocols we've been living with for decades haven't been replaced with authenticated sender-based protocols, and why blacklist-based antivirus hasn't been replaced by a less "lossy" model of security.
Why? Because doing nothing costs nothing. Doing something costs something - and if you can't explicitly explain why doing something more than the current "bare minimum" MUST be done, quantify the costs of doing vs. not doing it (and have the latter exceed the former) and/or end-of-life the current methodologies, then things just don't happen in the low-cost/low-budget world of IT.