Data breaches often as a result of an organisation's partner losing customer information. Who's ultimately responsible when this happens and would further checks and balances on the partner have stopped it from happening in the first place?
You may believe your site holds nothing of any significant value, but if you're holding user credentials then you have the keys to unlock their other valuable things.
Every now and then, an event happens that reminds us just how fragile the web is and how we've applied fix on top of fix to try and keep it all from falling apart.
Are people really being charged with encryption just for serving their blog over HTTPS? No, not even close.
The Yahoo hack of half a billion records is massive news, but what would they have that's of interest to a state sponsored actor?