This might not be a good comparison, or one may think it is a weird one. For the past three decades technologists and cyber security vendors have worked hard to produce the best of the breed when it comes to technical security controls based on hardware, and now transitioning to sofware based or software defined alternatives. Around the same time the bad guys, whatever hat colour they wear, they have also been busy trying to poke holes on these controls, and they only need one good strike out of 1000000 tries. To be fair, they have been successful to say the least.
But what have slowly evolved is the Human firewall as defense, where organisations still believe hardware or software based firewall is the only good security controls to stop bad guys from the internet getting in their organisations. Well, if you have been counting, this is the long war, and every now and then the good guys may win , but playing a long game, the bad guys have an upper hand.
Regardless of advancement of technology, the human still remains to be the weakest link in the chain, and the organisations should invest reasonable well in fortifying the human firewall, because at the end of the day, you may have all the hardware and software good shiny updated firewalls, but if you dont have strong human firewall, you will always fell victim.