The most interesting part of doing security consulting in my experience is business owners worrying if the firewall is strong enough and of course industry standard still have flaws and exploits.
I believe most are trying to lock the front door but leave the backdoor wide open, not too many thieves I have heard of use the front door if they want the DB?