I remember when I was working as a security consultant doing a "safe" Nessus scan of a relatively small organization that happened to have a mainframe. The mere act of scanning the ports on the mainframe caused it to crash. The whole thing had to be rebooted and it took HOURS. Essentially, a whole day of work was lost.
When we met with the CSO to talk about it he was both happy and sad: Happy that we discovered such a huge vulnerability and sad that he was going to have to explain to his superiors that an action that he undertook (hiring security consultants to perform a scan) cost the business a lot of money.
I later found out that he was fired because of the incident.
That right there explains a lot about the state of IT security in business right now.