An old man's perspective
"Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks,"
For transparency: I'm old; I'm slow; and the last time I programmed anything that mattered I did it by punching indicator/switches on the from panel of something the size of a refrigerator. (It did use transistors). I have to keep things simple.
As systems exist today, they are impossible to secure. Everything connected, including the human user interfaces and the users, are part of the system. In the case of US government IT systems, users are required to accept and install downloads to maintain certification. Ordinary consumers are forced to do the same to maintain functionality. (What the updates do to functionality is another can of worms entirely.)
The configuration and state of the system are unknown and unknowable.
The bits of operating system and application codes are all metaphorically moving parts of an integrated system, being constantly dicked with, in splendid ignorance of their unintended consequences. The details and functionality of the different pieces are unknown and unknowable to anyone.
An analogy is trying to secure a castle with literally thousands of doors to the outside, where we've distributed keys to an unknown number of workers and service people. We give them permission to come in and change things without our knowledge. In the process we also open the castle to cutpurses, thieves, mountebanks, traveling salesmen and other sociopaths.
Governments (predominately the US/UK) have bought hook, line, and sinker into "cloud computing"--a term so nebulous as to be meaningless. In the meantime, vendors are pushing the "internet of things", in splendid denial of the fact that each new device adds another potential vulnerability that the "system". The system, which again includes every functional element connected, including owners of internetworked "things", was never designed to deal with the threat environment. .
The reality is that the internetworked system we are all now dependent on was never actually designed at all. It just grew like Topsy to extract the maximum profit from the latest hot market item.
ThyssenKrupp has it almost right. It is impossible to secure; there is no "virtually" about it.
For what it's worth.
P.S. Late-breaking news. President-elect Trump has announced that he is going to build a wall around the global IT infrastructure, and make the hackers pay for it.