How many breach notices have you received this year? I would guess that, for anyone with enough online life to read my blog, the answer is between eight and twenty.
Does a single one of those notices fail to say that they “take your security very* seriously”? Don’t we think that’s pretty tough talk from the entity who just informed you that it took them seventeen months to realize they’ve leaked all your information to Russian criminals or the People’s Liberation Army or some script kiddie from Albania or… well, they really have no idea.
* – “very” is optional and depends on the mood of the PR person who was composing the letter, and/or the CxO who signed off on it.