Supposing that they, y’know, try to keep their setups secure anyway. With how much you see about breaches of different sites, it’s hard to imagine individuals and smaller groups being able to keep their stuff secure.
Although, they may also benefit from being lower value targets in some respects, I suppose?
Thoughts, prayers, and getting the low hanging fruit down (disabling root login, ssh public keys, updates)