The problem here is that they have created a beacon for all hackers that want to create a name for themselves. Of course they are going to have security loopholes, most web assets do, but their standards now have to magnified by a magnitude to keep intruders out.
Yeah, this is it. It only takes one SQL injection for Sony to make the news these days. Just think about the number of web properties Sony has. I wouldn’t like to have to job of securing those in the first place, let alone with a bunch crackers with a reason to target you and the associated press coverage.
Not to say that this is good; it’s awful for your users data to be exposed.
If a company or group is so big that it can not operate securely, then it is either too big or in need of major rearrangement.
Right now Sony are in the unenviable position of needing to fire-fight their many security issues while the high power spotlight is on them lighting other stray bits of touch paper. Hopefully (yeah, these hope is naive in the extreme I know) Sony will take away from this the need to get security right on all levels before the first attack and subsequent media attention, and hopefully other companies are taking the situation as a wake-up call and instigating a meaningful review of their own security mind-set (or at least double checking their policies and their adherence to them if sufficient security mind-set is already in place).
But it would seem that Sony's general culture in that arena is significantly below what could be reasonably expected, and hopefully everyone else is now actively checking to make sure theirs isn't...
