If valuable information wasn't being stored in plain-text or otherwise easily accessible it wouldn't matter. The ideal solution is to avoid storing sensitive user information that isn't needed whenever possible and encrypt if you absolutely must store something sensitive (medical records, etc.) because the reality is that no matter how much you spend on defense, it only takes one successful attack to render it all pointless. Further, even with exceptionally secure software, it's often a weakness in the humans maintaining it or overseeing it that leads to a successful attack.
It's safest to assume that no matter how good your security, someone will eventually break through. As such, any sensitive user data should be encrypted so that it's not feasible for it to be exploited or used nefariously by the hackers who broke in. Everything else is just mitigating risk or delaying attackers. A locked door or alarm system won't stop a truly dedicated burglar, but it will make most look for another target or make it easier for them to slip up during the process in some way that leads to finding them.