I may well be ignorant/naive but I don't understand why these companies don't do things properly so that hackers have absolutely no chance of getting in in the first place. (Unless of course it was an inside job.)
Every system I have been responsible for is secured to the absolute max, far above standard configuration, and is tested too.
Perhaps they are just hiring too many rubbish people so that the good people are diluted, drowned in compensating incompetence.
The problem is often that the people who know at the sharp end (as in 'IT') are outranked by the people that sell.
The usual conversation is give me a system I can use 'Now' so I can start selling to customers and make money.
Any attempt to talk about security and 'Doing things right' gets stomped on from on high as delaying things and getting in the way.
The Sales people then get their way and the IT people are told to work around the 'Live' system BUT do not stop the Sales people from working.
Any further attempts from the brave few get the standard "We make the money that pays your wages, so stop delaying things", usually to a Senior IT Manager who resents the comments and stomps down harder on his people to save his/her own neck.
When it all hits the fan is usually the point where the IT Division are suddenly seen as being 'in control' of their own domain.
The same IT Manager will be getting it in the neck for NOT doing the right thing.
The usual suspects/scapegoats, many levels below, will be blamed and fired.
Seen it and reported on it and it has been acknowledged and ignored because it would be too embarrassing to admit that is the way things really happened.
i.e. The real culprits are too senior to be seen to be in the wrong.
After the fuss has died down the Senior People usually are reassigned to another geographic area where the true facts can be ignored/re-written/lost in the mists of time.
Recruit and/or promote as needed and start again.