I don't think that follows. There's not a single large organization - private business or a government - that can claim to be 100% hacker-proof. A lot of "cyber" problems are also people problems: humans make mistakes, deliberately circumvent policies and security mechanisms to "get stuff done", can be coerced or bribed. That doesn't mean they are incompetent, just that defense is never perfect.

Making criminals' lives more complicated is a good strategy. Corporate vigilantism, I don't know.