My point is though, that not only are we seeing that we still have a long way to go with securing our devices and data and privacy, we're also discovering that we have a long way to go with patching the holes in our regulatory systems and the more this happens, the more people will be educated to protect themselves and hopefully the more companies, governments, and other organizations realize they gotta step up their game.
To me, your argument sounds like the same argument that's been discussed here before - the user / company is dumb and should know better / protect themselves better. I'd say a more realistic (and cynical) view of this is that we have almost no good method of arming ourselves and that this year has unearthed just how deep the abyss goes.
It's all bears and no bear spray, so to speak. There are a bunch of things nerds can do to protect themselves but how the hell am I supposed to teach my mom what WPA even is, let alone how to update a router?