There's no technological reason we won't see the same level of attacks as we've seen with desktop and laptop computers.
People see that there's a short-term hit in terms of designing a security architecture that caters to these devices but they don't take in the cost of dealing with an incident.
They may be erring on the side of caution.
The careless employees still pose on the greater risks. Not enough of these enterprises are necessarily implementing device encryption.