Sony is so inept I don't even get how they are allowed to do business. This is such a lack of security compliance for a for profit that I imagine compliance auditors are drooling by now.
I work at Sony Pictures on and off, ironically about two years ago the studio went through a huge ISO 27001 compliance audit, it was a huge deal at the time. I've worked at all the major Hollywood studios and I'd probably characterize Sony as having the best physical security. I didn't work in IT so I don't know all the ins and outs of the computer system but FWIW only the PCs on the lot were affected by the hack, all the Macs and unix-like machines are still running business-as-usual over there.
"Security compliance" obviously isn't going to be enough because widespread industry standards are woefully inadequate.
56 hacks in 12 years is not a company who understands technology. It's a company with about as much technical knowhow as the musical artists they represent.
That's if you count every company called "Sony." The movie studio, the music label, the games units, the different web and streaming sites, and the different electronics divisions are all basically different companies from an IT perspective (which is fortunate, considering how much damage this hack could have done if they WERE all just one IT establishment.) And this is just speaking of Sony America, which is the parent of Sony Picture Entertainment Group, Sony Music... Sony's a huge international conglomerate, you can't boil it down to some personification that's either stupid or smart.