[stdgy]

To play devil's advocate, how much money did this breach actually cost the pipeline? A few million bucks?

That's probably a rounding error on their quarterly report. Heck, it might have cost them more money to hire more people to provide adequate security to prevent such attacks than to just suck it up and get attacked.

It may actually be economically favorable to stay insecure!

If that were the case, the market would actually encourage CEO's to spend less money on security, not more.