> Majority of attacks succeed because of poorly configured systems coupled with extreme "I know better" attitudes so prevalent in the security sector right now.

Nope.
The VAST majority of attacks are Mitnick-style social engineering jobs. You can configure a system as tight as a gnat's ass, but if the CEO overrides that, your security is toast and not for technical reasons.
It will take a few C-level staff up against the wall before that changes - and this is where regulators (personal responsibility) and insurers (industry blacklists of irresponsible management - don't think they don't exist) come in.