We are a software company what would anyone want to steal from us?

The other day I was chatting with a colleague of mine about one of my products Defender, that enables two-factor authentication, and he said besides the obvious like financial institutions, who would actually need to use a product like Defender? He went on to say, take our company for example what would hackers even want to steal…would they really be trying to steal our IP? The answer to that question is no, but that got me to thinking that a lot of organizations probably think like that when it comes to protecting their network resources. But cyber thieves usually aren’t interested in trade secrets they are interested in money, customer information, or retaliation and all organizations should be concerned about those things. So as I was reading the Verizon 2011 Data Breach Investigations Report and found out that unauthorized access to corporate networks through user names and passwords topped 45% making them the second most compromised data type. I starting asking myself why aren’t more organizations using some sort of second factor to protect their network? Is it because they don’t think they are at risk, because they don’t want to spend the money, or that they think it’s too difficult to implement? Anyone have any thoughts?