Not saying that big companies don't have security issues. Expressing it differently: having multiple heterogeneous dependencies increases the effectiveness of supply chain attacks.
Now imagine you have 16 national industries that you've defined as basically "needing the best security reasonable", and most of those industries only deal with security as much as their insurance companies make them.
It's a nightmare out there.