Outstanding insights (you have spent some time understanding the landscape, I am impressed!)

So a few thoughts to build on what you are saying....

Yes, the offense (attackers) are traditionally much better at sharing and collaborating. But two factors are shifting the equation a little bit. First, defenders are starting (yes, just starting) to share and collaborate more. For example look at nomoreransom.com where top security competitors are working together to publish free anti-ransomware recovery tools. Second, we will see the emerging top tier threats, nation-state players, have more of a role in cyber attacks and they traditionally DON'T like to share their toys. That puts downward pressure on collaboration by the most well funded offensive attackers.

Offense and Defense are becoming more automated. That is just the nature of cyber. We will all be talking about AI attacks/defense in the next few years as it will be the pivotal area of research. Tech is just the tool. Those who find a way to use the tools first and to the greatest effect, gain a significant advantage.

Skip the notion of absolute security. It is a marketing dream, not reality. In the real world we don't want to be impervious to attack (zero risk) as that would be far too expensive, unacceptably encumbering, and likely technically impossible anyways. That is not the goal. The real objective is to understand, attain, and sustain an 'optimal' level of security. This is where the costs, risks, and usability impacts are in the right balance for the organization. Risk is okay if it is understood, managed to the right level, and accepted by those responsible.