> Most of this stuff happens by accident not by intent.
Consider the intent of not hiring enough security staff and supporting them appropriately. It looks a lot like an accident. You could even say it causes accidents.
Hiring more people does not prevent the chance of mistakes. It may even increase them. I know places that spend lavishly on security (and employee education w/r/t social engineering, etc.) and have still been breached.
Google and Apple spend lavishly on security and are probably the most heavily attacked companies in the world, often by nation-state adversaries. Yet as far as I can remember, neither has had a successful breach like this in well over a decade.
Consider the intent of not hiring enough security staff and supporting them appropriately. It looks a lot like an accident. You could even say it causes accidents.