The reason that the blame is shifted toward "hackers" is that being proactive with security, while the right thing to do, costs money and time. In a market where software from different vendors is usually only determined by price and update frequency spending additional money and time is a competitive disadvantage. However, if you can push your security failings off onto "hackers" not only do you minimize costs but your customers, if they're not sufficiently savvy to this game, think that you're the better vendor because you're able to "beat hackers at their own game".

Nowhere is this mindset more prevalent than in the anti-virus software field, which of course is another can of worms itself.