Computer security is a new thing in those industries; regulations have yet to catch up.

The point here was, there are always companies that are looking to make a quick buck and which will always refuse to "spend extra time and money securing it properly". Such companies have the market forces on their side - the less they give a shit, the faster and cheaper they can sell their products/services. Regulations in established industries ensure that the minimum level of giving a shit is still safe enough for people.