Actually everywhere "defense in depth" is used (not only in computing, but also in e.g. aviation), there can't be one single cause for a disaster - each of the layers has to fail for a disaster to happen.
Almost every accident, even where there is no defense in depth has more than one cause. Car accident: person A was on the phone, person B didn't spot their deviation in time to do anything about it: accident. A is the root cause. If B would have reacted faster then there wouldn't be an accident but there would still be cause for concern and there would still be a culprit. The number of such near misses and saves by others is similar to the defense in depth in effect even if it wasn't engineered in. But person B isn't liable even though their lack of attention to what was going on is a contributory factor. So root causes matter, that's the first and most clear thing to fix. Other layers may be impacted and may require work but that isn't always the case.
In software the root cause is often a very simple one: assumption didn't hold.
In software the root cause is often a very simple one: assumption didn't hold.