Reply to post: You'll never get the public to understand enough to care

Sane people, I BEG you: Stop the software defined moronocalypse

Badger Murphy

You'll never get the public to understand enough to care

The general public often doesn't even know who most of their heads of state are, and that has plenty to do with their life, future, and well-being. I think it is a bridge too far, even with some of the proposed educational models, to expect the general populace to be savvy enough in infosec to drive a demand for greater security.

This is the exact type of scenario where regulation must step in. Look at SOHO routers as a prime example. Most of them are totally ownable right out of the box, and manufacturers keep on making them, and we keep on buying them. The manufacturers don't fix it, because that costs money, and since the customer doesn't know enough to care, that situation continues in perpetuity.

I don't claim to have the magic bullet to kill this problem, but I do believe it starts by making it financially painful, via fines, to an organization for getting owned, provided that it can be demonstrated that their security is a joke.

This is where the devil in the details hides, though. We have to punish the negligent without blaming those that are genuinely victims. Only then will we see security treated with the importance it deserves.
