The question isn't whether the door lock was great, but instead was there a door lock in the first place and if it was locked. If not do you continue to operate with an unlocked door or do you lock the damn door?
You cannot stop all criminals, but you can take reasonable actions (due diligence) to ensure a reasonable effort, according to industry, and timely corrective actions once a breach is known.
And one solution is enforcing consequences for incompetence.
If a construction company sends a bunch of untrained yahoos out with explosives, well, maybe the yahoos should have known better, but the company absolutely should have known better and I have no problem holding them liable.
You cannot stop all criminals, but you can take reasonable actions (due diligence) to ensure a reasonable effort, according to industry, and timely corrective actions once a breach is known.