Thwarting Data Breaches: Flipping the Economics of Attacks

How can an organization make it difficult enough for an attacker that they dissuade or prevent an attack? Time-wise? Cost-wise? Potential profit-wise?