You would expect with all the publications on SAP security (from a technical perspective), awareness within companies would grow and they give this the attention it needs. However, somehow you still see a lot of companies struggling to get their environments properly secured.
Factors that will not help is the lack of available expertise - often SAP security consultants are still SAP authorization consultants -, and the complexity of implementing a proper security design: securing an (existing) environment properly without hampering business processes is quite a challenge and requires diverse skills to be able to oversee all consequences.
I think it is good that these posts on technical security keep appearing on forums and in blogs. Hopefully, it will convince people / companies to give this the priority it deserves.