Some interesting commentary in that piece. Bennett's comment "This isn’t push one button, pay $500 and you’ve got a solution" I think is something cybersecurity professionals have been preaching for decades. Security is a cultural attribute, like quality or hospitality. You can't buy it.
I think the larger problem is we have yet to legally sort out liability for cyberattacks. If manufacturers (software, IoT, etc.) were sued for malpractice and but a single case decided in favor of a plaintiff, then you'd see a massive change in thinking. Similarly, if a health provider is frozen by ransomware, the board of that organization should be subject to investigation, much as would happen if some institutional fraud occurred. What we are dealing with in cyberattacks is not an act of God, nature, or even (in most cases) ingenuity. What we are dealing with is corporate negligence, a failure to protect against relatively simple, well-known attacks, that are becoming more and more automated.
Something that Bennet says that I think is wrong is about older folks being especially susceptible to cyber scams due to their unfamiliarity with technology. I think as has been borne out in other studies (FBI, etc.), older folks tend to be more skeptical or alert to potential scams than young folks whose thumbs move faster than their brains.