
Arguably much of this is caused by governments getting into the zeroday market / blackhat position, removing the incentives to fix stuff. IT security got degraded so far that it starts affecting the economy. There was a reason initial cryptocontrol had exceptions for businesses.

Bloated security theater being profitable also doesn't help. One example is smartphones as TAN generators for online banking replacing TAN lists. While you can now charge customers per SMS, the second factor got quite a bit easier to attack.



> Arguably much of this is caused by governments getting into the zeroday market / blackhat position removing the incentives to fix stuff.

I don't see the argument here. CISA posts issues they find. Are they intended to be comprehensive?


Unfortunately I don't see yours either. We have governments arguing against stronger encryption due to fears of going dark. Which means against having secure systems.

This is in addition to a lot of government agencies sitting on, and investing into, the knowledge about vulnerabilities. Some of the more public ones getting fixed doesn't change the overall vulnerability of the system. There is a clear incentive mismatch. One can't pretend that those vulnerabilities are "safe" due to only spooks knowing of them. If you can find them, so can others. Especially if you are actively exploiting them.

I would argue that this shows both an unwillingness to accept improvements in security as well as actively degrading the current state. And this is before talking about governments actively adding vulnerabilities, which is now even possible by law in some jurisdictions.



