Why are honeypots not widely deployed?

There are legalities of honeypots that need to be considered. Here is a much older article, but it does provide some information. In general, from what I've seen, the industry has moved away from honeypots.

For one, their effectiveness hasn't been established on a large enough scale to be of use to companies. Secondly, the legalities have made them difficult to run. For example, Super DMCA kept LaBrea Tarpit from becoming widely adopted.

That doesn't mean honeypots don't have their place, or can't be effective, but their use should be weighed against the problem being solved and the laws of the locale in which they are being run.


Honeypots are "Security by Obscurity" when employed to catch insiders. Once it is known what the honeypot is, it is no longer effective.

On the other hand, honeypots employed to catch external users who have gained insider access can be very useful (I use them all the time). In this case, you can publicize the existence of the honeypot to internal users so that any activity on the honeypot is suspicious.

Legal issues scare people away (read HexTitan's link), honeypots can generate large numbers of false positives (making them potentially expensive to manage), and they need to be carefully designed so that they do not become an attacker's asset.

All these issues combined have come up when I have suggested employing honeypots in my organizations. I have successfully countered the arguments, but the resistance has always been huge.

In short: "honeypot" is a broad term, and the confusion and ambiguity that result from that vagueness lead to resistance from management to using honeypots in general.
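The second answer's pattern, a decoy host that internal staff have been told about so that any contact with it is suspicious, together with its warning about false positives, can be turned into a small detection rule. The following is an added example, not code from either answer: it takes constructed firewall-style log lines, treats every connection attempt to the decoy address (accepted or dropped) as a hit, suppresses the sources that legitimately touch every host (the vulnerability scanner and monitoring boxes named in the allow-list, which would otherwise be the main source of noise), and escalates a source that sweeps several decoy ports. The decoy address `10.0.5.20`, the scanner and monitoring addresses, the log format and the sweep threshold are all assumptions for the example.

```python
"""Alert on any contact with a publicized internal decoy host.

Added example for illustration; not code from the original answers.
Addresses, log format and thresholds are assumed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed decoy address(es): the hosts internal staff have been told never to touch.
HONEYPOT_HOSTS = {"10.0.5.20"}

# Assumed infrastructure that legitimately touches every host. Without this
# allow-list the nightly vulnerability scan alone would page the on-call.
EXPECTED_SOURCES = {"10.0.0.10": "vulnerability scanner", "10.0.0.11": "monitoring"}

# Distinct decoy ports touched by one source before we call it a port sweep.
SWEEP_THRESHOLD = 3

# Assumed firewall log line shape (constructed for the example).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed sample log: scanner noise, one sweep, one stray probe, unrelated traffic, junk.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=10.0.0.10 dst=10.0.5.20 dport=22 action=accept
2024-03-01T10:00:02Z src=10.0.0.10 dst=10.0.5.20 dport=445 action=accept
2024-03-01T10:05:00Z src=10.0.7.33 dst=10.0.5.20 dport=445 action=accept
2024-03-01T10:05:01Z src=10.0.7.33 dst=10.0.5.20 dport=3389 action=accept
2024-03-01T10:05:02Z src=10.0.7.33 dst=10.0.5.20 dport=22 action=accept
2024-03-01T10:06:00Z src=10.0.7.40 dst=10.0.1.5 dport=443 action=accept
2024-03-01T10:07:00Z src=10.0.9.9 dst=10.0.5.20 dport=80 action=drop
this line is not a firewall record and must be skipped
"""


@dataclass
class Alert:
    src: str
    severity: str
    first_seen: str
    ports: list
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text):
    """Return (alerts, suppressed).

    alerts:     Alert objects for every unexpected source that touched a decoy,
                high severity first.
    suppressed: {source: hit count} for allow-listed sources, kept so the
                suppression itself can be audited rather than silently dropped.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        # A dropped SYN still counts: nobody legitimate should be trying at all.
        if ev is None or ev["dst"] not in HONEYPOT_HOSTS:
            continue
        hits[ev["src"]].append(ev)

    alerts, suppressed = [], {}
    for src, events in hits.items():
        if src in EXPECTED_SOURCES:
            suppressed[src] = len(events)
            continue
        ports = sorted({int(e["dport"]) for e in events})
        if len(ports) >= SWEEP_THRESHOLD:
            severity, reason = "high", f"port sweep of decoy ({len(ports)} ports)"
        else:
            severity, reason = "medium", "unexpected contact with decoy host"
        alerts.append(Alert(src, severity, events[0]["ts"], ports, reason))

    alerts.sort(key=lambda a: (a.severity != "high", a.src))
    return alerts, suppressed


if __name__ == "__main__":
    found, quiet = analyze(SAMPLE_LOG)
    for a in found:
        print(f"[{a.severity}] {a.src} first seen {a.first_seen} ports={a.ports}: {a.reason}")
    for src, n in quiet.items():
        print(f"suppressed {n} hit(s) from {src} ({EXPECTED_SOURCES[src]})")
```

On the sample input the scanner's two hits are suppressed, `10.0.7.33` is reported as a high-severity sweep of ports 22, 445 and 3389, and `10.0.9.9` is reported at medium severity for a single dropped probe. The allow-list is the part that keeps the rule affordable to run, which is the false-positive concern raised above; keeping the suppressed counts means a compromised scanner box does not become an invisible path to the decoy.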
