Linux trades security for performance
Because of the Linux monolithic kernel architecture that provides speed instead of the inherent security of a microkernel, Linux is more susceptible to security flaws.
Security is best built in intrinsically at lowest levels. Adding security as an after though still leaves the original problems there.
While Linux has proven good for well-managed server systems where performance is required, it is bad for end users who don't maintain their machines or want the freedom to download apps and use their devices for 'fun'. These users want automatic security built in, rather than managed security.
This does seem like a paradox that security is more important on end user devices than servers. However, it is how that security is provided - built in to the OS, or managed by IT professionals. When a user's machine is compromised, it does not just affect that user - hackers can mount DDoS attacks against servers. This also applies to unmanaged security on IoT devices.