The security effort seems poorly distributed.
Masses of front line personnel are interrogated and impacted, to little practical benefit, while the most lucrative targets are left wide open or casually scrutinized. It is locking the front door while leaving the back door ajar.
It is no different here in the US unfortunately.
Penetrating the Office of Personnel and also the firm that makes the RSA key tokens gave the attacker the ability to read almost all encrypted US DoD contractor mail as well as the ability to select people most susceptible to recruitment, at minimal cost.