I think the USA’s people who need everything to be glitzy and on the network accessible immediately 24x7 can share some blame for the abysmal security overall. There’s no problem in existence anymore that somebody isn’t advocating a web site for. Old, dead, unneeded and unused servers are left behind once the money for any trite project is used up.
If I understand you correctly, it is the user not the provider’s fault. I don’t, but most people do assume a site is secure to some extent. When it comes to federal sites, the money is there to obtain and maintain a high level of security. But the money is spent on parties in Vegas and other necessities.