There's no need to teach CS grads about security. Here's why:
If a cyber security breach happens, then the company that produced and sold the vulnerable software is never responsible. All end user rights have been signed away in a EULA or some other crooked scheme, so the end user gets to shoulder all the risk.
Since the company sees no impact of a cybersecurity incident, the company execs take no hit. Since they take no hit, the programmers and CS grads who wrote the crap software that caused the problem in the first place also see no impact.
Did people stop shopping at Target? Nope. Are any of the companies that have recently been breached seen senior executives going to jail? Nope. Maybe a few people got fired and stock prices temporarily dipped, but there's so many of these breaches lately that they are all getting lost in the noise.
So there's no point in teaching the CS grads anything about cybersecurity, since it doesn't mean anything to them. It doesn't make them any money and the companies that will be hiring them don't give a damn either.