Because it's hard for non-tech companies to grasp certain key concepts. Thanks to Hollywood, they have very flawed analogies and a terrible understanding of security exploits.
They work on a safe wall analogy. Suppose it takes two weeks to drill a hole in a safe wall. Day after day, the safecracker drills away at it, and after 14 days, he succeeds. To them, a hacker does mostly the same thing. There is an attack, security becomes weaker, and after a certain number of attacks, they're exposed. So they "harden" their systems to sustain more such attacks, much like a bank might install thicker walls, electrify them, and so on.
They also imagine that their IT security team (if they have any) actively engages hackers to mitigate such attacks (again, thank you, Hollywood).
So for them, there's no concept of "next time". They don't understand that their systems have exploits that completely circumvent every safeguard that is in place. And to them, it's completely acceptable that a hacker whittles away at their systems. After all (another set of flawed analogies):
- it's just one person;
- even if he succeeds, the damage will be limited;
- nobody else will be able to use his exploit.
I realize that hacking is not ethical. I realize there are no "victimless crimes". I can't say that I wish they were hacked over and over until they learn. I won't even say they deserve being hacked.
However, pride goes before the fall. They leave themselves completely open for exploitation. There will be people who take advantage of this. The next hacker that comes along may not be a white hat, or even an off-white hat. And the inevitable next exploit may crush the company completely.