Don't be a "bait ball"
I bring this up because I recently heard some decision makers saying "Well there are a lot more vulnerable targets than us, maybe the hackers will just leave us alone." This is typically in response to an audit finding or a vulnerability that was successfully exploited during a penetration test that isn't cheaply and easily fixed. I have also heard from cyber security "professionals" in the past but that is typically a response from a non-technical person.
Don't let your business be part of the bait ball.