Many people feel like the information security field and the vast growth it has seen over the last few years is unsustainable. They may very well be right; however, there is something far worse that may kill off the industry, and it is ambivalence of security as a whole. In trying to make many of the arguments for improved security and for strengthening ourselves against attacks, have we only created a de-sensitization effect where the users and industries now just assume the risk and don't take the threats seriously. If eventually no one cares, then what does it mean for an entire industry? Can we even do anything to fix it, or have things already gone too far?