I sadly have to agree. Stricter laws aren't the solution. The problem is, you can build good security, but you have to base your security on something. And this "something" may not have been secure in the first place.
A good article is from 2010, when someone formerly coding BSD, one of the most secure systems, if not THE, known today, sent an email saying that he had to code a backdoor into it, requested by the FBI. Part of that code is used in almost any chip nowadays, although, having been altered so many times, it probably doesn't work anymore. But with it being open source, everyone could see it and no one ever noticed ...
The article can be found here:
arstechnica.com/informati...r-in-openbsd-ipsec-stack/
My point is that there's always a weak point, and of course it isn't visible. Security updates happen fast, but if you are a well-informed hacker, you probably know before most company IT could implement a fix.
And there's always the possibility of human failure. Not setting the correct parameters, not getting all the upgrades in time, overlooking something or simply a co-worker surfing on the wrong site and infecting the network, creating a backdoor into the system.
As a security specialist it is you against the internet. That's pretty hard to fight to a draw, and impossible to win.