To paraphrase a chocolate vending scientist, why is it so? One possibility is the relative immaturity of growing regional markets such as China -- if you're only just getting around to proper storage management, security is bound to be a bigger consideration than re-architecting.
However, that argument doesn't apply to the more mature regional markets, such Japan, Australia and Singapore, which still account for a hefty chunk of local spending (and a large proportion of the survey).
Vendors hawking virtualisation solutions (and that covers most players in this market) will presumably need to work harder on selling those concepts to local managers. In the meantime, those looking for a quick sale might as well talk up the security credentials. Anything to make a sale, hey boys?
And you can't blame them for it. but I must also say that none of virtualization solutions, come without security considerations. I think virtualization vendors, resellers and distributors need to educate and enable the clients by adding security profiles, such as Bluelane, Reflex VSA and others, in their portfolio. It should come as a default.