In this list of Ten Tech Companies that are more Profitable than Facebook, there are two infosec representatives. Facebook has 40% Operating Margins, very respectable even by tech company standards. However, not to be outdone, infosec's 1995 innovation outperforms even the latest buzzworthy names like Facebook. Checkpoint sports 56% Operating Margins and the other tech tha's more profitable than Facebook tha happens to be an infosec company? You guessed it - Verisign at 42% Operating Margins.
All for companies making profits for doing good work, but would be nice to measure innovations in years not decades. Companies continue to spend on security, but what we can see from margins like these is that the security market itself is not demanding that security companies innovate, so they churn out the same stuff every year with a scintilla of improvement - now your Firewall box comes in the color red for 2012!
Sadly the biggest problem in security isn't attackers or complexity. Its the lack of market forces in infosec, the buyers (Infosec teams) don't demand innovation and so the vendors don't provide it. What you get is a very small toolset for a very high price. Think of what you would have got for a database from Oracle in 1995 (infantile capabilities comapred to today) and at what cost, what you would have bought for a database even 7 years ago is freeware at this point, database buyers are discerning and demanding. But 15+ year old innovation is still getting top dollar in infosec.