Channel: SCN: Message List - Security
Re: Why was the blog "Using metasploit to Search for vulnerable SAP Systems" removed
Hi Juan,

In my opinion the classic SAP security is a business function and can't be made to handle technology. I would go so far as to say that classic SAP Security experts may know what an IP address is, but will not be able to explain the purpose of a subnet mask. In my opinion this is perfectly OK. I wouldn't expect that knowledge from an SD or MM expert either.

Basis can't fill the technical security role. You want your best basis people securing the system since they are most likely able to grasp the complexities and dependencies. However, you can be 100% assured that as soon as there is a severe production issue, these guys will be made to take responsibility and drop everything security related. Basis already has enough on their plate and most of the time don't have the right mindset. Stuff needs to be done quickly.

Regarding the InfoSec industry, just take a look at the number of SAP related talks at events like BlackHat or DefCon and how full these presentations are. SAP is horribly complicated. It's much more effective, easier and spectacular to compromise a company through other technologies. There are a few exceptions and companies will purchase products like yours, but the initiative comes from the CISOs with no insight into the SAP technology. What happens then is that the basis teams may configure some parameters so that your reports turn green (which is already a huge win, don't get me wrong), but that is nothing different than the issues that arise when compliance drives your security.

In my opinion there needs to be a new job function in the SAP world. Just like the classic SAP Security from the business view, there needs to be an equivalent position that focuses on SAP Security from a technological view (perhaps something like Functional-Security vs. Technical-Security).

When I started to focus on this field I was naive and thought that people would jump at the issues immediately if I raised awareness and showed how simple it is to attack an SAP landscape. It's not working. It's overhead and additional work for the basis teams. It also requires a new way of thinking and a security focused mindset, which will not happen anytime soon.
