I'd buy the core thesis and appreciate the concern.

I do think security is going to require more, not, less human investment as attackers may be running automated vulnerability screens from the outside that you must counter, as well. Without rigorous internal processes to manage and screen all changes and upgrades, companies risk leaving themselves open.

One design change which limits exposure is to have more local-first apps or experiences so there's less cloud / server to computer interactions to secure.