Today's incident shows that the real problem is actually that organisations spend too much (money, but too little time / manpower) on security.

Hey, third-party vendor, I'll give you all the money you want, I'll let you pwn all my systems, I'll be your little bitch, just make me secure, I don't have time for all that security shit, kthxbye.