"...true cybersecurity will take a large dose of herd immunity...".
"Herd immunity" is not a term I've heard used in connection with "cyber" security before, and it's interesting to try and concoct a scenario in which it might exist. In its original sense, herd immunity refers to the idea that if enough members of a group are immune to a particular disease, even those who are not immune can enjoy a degree of protection due to the reduced avenues for infection.
This sort of makes sense if one is talking about certain types of self-propagating malware (the "I love you" virus, for example), where an infected business could infect another, but my understanding is that the threats faced by large organizations are usually in the form of spear-phishing, social engineering and other, more targeted attacks that are unlikely to spread from one business to another because they are being instigated by the attacker and tailored to the company in question. This would, one supposes, be especially true of attacks against infrastructure targets, which often have rather idiosyncratic systems.
I suppose it is possible that someone wishing to attack the infrastructure of the Grid, say, might go about it by infecting the systems of a supplier or contractor with whom they have regular contact, and so trick a Grid employee into opening an infected file which they think is from a trusted source, but I'm not sure that's what the article is driving at.
Can anyone think how the quote above might be true? The only other thing I can think of that remotely relates to "herd immunity" is stuff like Macs being (supposedly) less prone to malware because of the smaller number of people using them - but that's because the potential reward for writing Mac malware is lower than when writing for Windows, and isn't really the same thing at all.