It appears that many organisations have accepted that they will suffer a network security attack at some point, and that they need a plan to recover; but with some clever defence in place, they should be able to avoid such a breach in the first place.
This article compares building stronger online security with physically building stronger walls and double-locking doors, but then forgetting that a spare key can be found or a tunnel built underneath.
Cyber criminals are attacking organisations for commercial gain, and the harder you make this, the quicker they will move on to someone with less good defences.
In IT terms, organisations should think Security Zones, micro-segmentation, Network Access Control, authentication-based firewall policies, SSL visibility etc. – the options are manifold and various, and the attackers will devote time and effort to getting inside, but only to a point.