Clarification: An earlier version of this story included comments by Erdoes on the number of hacking attempts made on JPMorgan systems last year. A spokesperson clarified after the panel session that Erdoes was referring to all observed activity collected from JPMorgan’s technology assets, malicious or not.
The title is bad. One scan that generates thousands of alerts is generally considered one event. Companies that have a massive footprint naturally get many thousands of scans a day. It's normal.
Also, +60,000 people and $16 billion dollars is misleading. The people they pay the most are the ones that generally don't know shit about IT. Sure, some of those technologists are probably top-tier, but actual security experts don't usually come in large groups. There are exceptions, of course.
Large companies pay way too much for generic security solutions. In some ways they are forced, because their infrastructure is massive and they need tons of customization but there is always a fuck ton of waste.
Using big numbers sounds cool, unless you are in the industry and understand that there is a ton of fluff involved.