Reverse argument is true as well..
If corporations were not using buggy/fragile, complex, and potentially vulnerable products from Microsoft & other vendors (e.g., Oracle), there may NOT have been need of so many skilled engineers and IT departments.
All software is vulnerable, so what you're saying is not true. The only reason the products you listed seem more vulnerable is because they are focused by malicious actors due to their popularity and hence, also more often in the news.
Actually, the more the popularity or criticality of a product or system, the higher the likelihood that malicious actors may target it. So any such product or system needs adequate security measures and IT staff to protect and maintain it.
That's why iPhones and Androids get jailbroken (as they dominate the mobile OS market), that's why Windows has max viruses and worms to infect it (since it is on max number of PCs worldwide), that's why even Linux is being hacked/targeted (these days via malicious github packages, because Linux is becoming more popular, especially due to Valve's pushing SteamOS for Linux gaming).
No, I think you’ll find certain legacy corporations have terrible codebases and very little incentive to fix it, because why fix what makes money and has no liability?
Naive people in corporations think Linux and other FOSS (Free & Open Source Software) can save them from Microsoft, Oracle, etc. woes.
But the reality is that corporates have very less incentive to migrate to open-source alternatives. Because it would mean negligible/no support, less work and hence less staffing (senior management have to justify the staffing headcount somehow).
FOSS solutions typically don't get proper (or in some cases, not even any) support from the solution makers (developer company/persons).
Corporates thrive internally on liability (they always want to blame someone, easiest target are their IT staff), and thrive externally by trying to avoid liability.
e.g., Big Pharma (Pfizer, sold hundreds of millions of COVID vaccines worldwide, after ensuring those target countries (including their own country) first gave them complete indemnity from any liability for the negative effects or lack of efficacy of the vaccines.
