Easy target to blame
But also not necessarily on target. UK for example companies have to conform with a sizeable amount of legislation across a wide area; technology security is but yet another one to deal with. There's only so many times you can threats about fines, prison terms, loss of customer confidence etc levelled at you before their impact withers. In fact, I'd argue the sheer amount of FUD thrown around by vendor contributes to this problem. Perhaps if they made a decent fist of presenting a good case for their product then it stands a far better chance of being accepted.