That's a great point. Do you believe that the regularity of significant breaches has cheapened the reputational cost of having experienced such a breach? (Which, in turn, makes it less likely that "a robust secure software development life-cycle" will ever be built.)
I think its worse than cheapening the reputational cost, it has put a concrete ceiling on the financial cost - something like users affected * 2 years of free credit monitoring.