A company’s core business and skillset is rarely to manage an on-prem IT infrastructure, which is a highly complex endeavor these days. Security most always benefits from being put in the hands of cloud providers such as Microsoft, Amazon, or Google, who can mobilize the best talent and apply economies of scale and modern best practices to cybersecurity across an entire stack.
It also means far fewer liability headaches for the companies that transfer this difficult and onerous responsibility to cloud providers. It’s not even necessarily cheaper to go full cloud; I’ve seen multiple examples where it wasn’t, but the reduction in complexity and liability made common sense. So even the “LaTe-StAgE CaPiTaLiSm!!” claim is just a tired trope at this point.
It’s easy to focus on one publicized exploit of Microsoft’s cloud like this one, and not see the other side of the argument of how many exploits were avoided over the years by not having individual companies manage their own servers. It’s still entirely plausible that the general move to cloud infrastructure since the late 2000s is a net win for cybersecurity in aggregate.
I would also add that whether other cloud customers might be breached simultaneously in the extremely rare event of a cloud-wide exploit is not a consideration when a company decides to move from on-prem to cloud. It’s just a Moloch problem that doesn’t and shouldn’t concern them.