High security does mean high cost
Cost. The number one reason for networks being less secure than they might be. People don’t like spending money where they don’t have to and if a network is functioning, well, why spend any more money in the shape of either equipment or staff time, right? The vast majority of networks are set up like this. The job is often considered complete when all servers are talking to each other – nobody wants to complicate things by adding network defence.
All that means is that most networks have glaring vulnerabilities that will be exploited by either script kiddie or targeted attacker. That includes the big players like banks in our experience.