Verizon has just issued a new set of reports on security that make for interesting reading. One striking statistic, from my perspective as a developer, is that approximately 80% of security breaches arise from errors of omission by developers or administrators.
A cure? All systems should go through a security test before launch and be subject to periodic mock attacks or hack attempts.
The report is available at http://www.verizonbusiness.com/resources/security/databreachreport.pdf. An executive summary is available at http://www.verizonbusiness.com/about/news/displaynews.xml?newsid=25135&mode=vzlong&lang=en&width=530