Security is weak
Because nobody wants to to spend the money on the kit.
I regularly get asked "what are the chances of it happening to us?" or I get told "nobody would bother hacking into our stuff, we're not interesting enough!".
I'm not a liar so I explain that the chances aren't high but in having crappier kit you increase the chances of being found to have vulnerabilities through the use of Shodan etc.
Also, the very fact you are uninteresting is a great reason to want to hack in. Low key targets are surely less likely to act aggressively in the fall out than a high profile target.
I know people are going to down vote me here since im blaming the kit and the youngsters amongst us actually believe its the config not the kit that matters...but ask yourself this...would you rather be sitting behind a proper hardware firewall <insert brand you worship> or something like a netgear DG834 P.O.S. ??
One costs a lot of money one can be picked up at PC World / Maplin for less than £30. You get what you pay for in the security world.
Got no budget? You get no security.
Yes, even those of you that have your Active Directory and your GPOs. You guys are even more vulnerable. That dumbass CEO you secretly gave admin rights to and permission to open anyones mailbox...hes the one link that renders your whole setup worthless.