This article explains that a large number of organisations have security breaches in their network and they mostly go unreported. This makes sense as it would be bad publicity to acknowledge that their customer’s records are vulnerable to hackers. Still it’s important for everyone to be aware how often it really happens.
And it’s really up to every organisation to be accountable for their security. At the moment the laws in most countries aren’t strong enough to enforce this, so not much will change until matters get worse.