Re: Are you a target?
And the same is true of completely automated attacks, of course. Self-propagating malware – viruses and worms and the like – and botnets that automatically attack other reachable targets, to name a couple of variants, don't do cost/benefit calculations because the cost is minimal.
And then there are the various pyramid-style criminal franchising operations, which generally prioritize quantity over quality.
The key is that benefit calculations are often done after compromise and other damage, as non-performing victims are abandoned (or relegated to just being another node in that botnet). You have to raise the cost to the attacker by blocking the widespread automated attacks and script kiddies, so only someone with a specific reason would make the effort to penetrate your defenses.
Then on top of that you need resiliency, of course, because frequently they'll get through anyway.