I agree with Axel that
it's not a failure of information security but that of people
when it comes to our current problems. I also agree that the thought
that security is mainly a technical problem, although popular within the
marketing realm, is a misleading one.
However, I dislike the view of a company's maturation. The quality of
any company's security depends on the quality (you can say "whim") of
the people within that company. A company's security "maturity" is
measured by how well its policies are accepted, practiced and enforced.
Unfortunately, it's not a progressive process. Any change (in finances,
employees, management, politics, love life, business model) has the
ability to massively affect the quality of an organization's overall