The US and UK security services have noted that difference and can shape generations of code, funding, standards, trade and competition policy.
An average company thats incompetent due to hardware and software limitations gets contracts, good press and friendly govs buy in for their own staff, education and clear standards for banking.
Thats a lot of historic power and cash to shape funding to a few US brands globally within the 5 eye nations and other friendly Western powers.
The next method is to set encryption at a level that keeps the press/other users out of a network but is 100% law enforcement friendly.
Over decades that access, funding, standards offers a perfect look down system into wider consumer networks.
If all that still cannot keep weak networks and plain text access try the Cybersecurity Information Sharing Act, or CISA.
Immunity to share all data with govs and mil looking for "cyber threat indicators". All that strong encryption for the network reverts to plain text at some point in the system and thats where a company will be waiting to sort domestic data.