To be fair, those systems were all designed during a time when every node on the internet was already well known and sysadmins had a duty to monitor abuse and nip it in the bud right away.
See also BOFH
If we attached civil liabilities to companies and their executives who failed to address abuse issues those issues would go away pretty much overnight. Otherwise it's just a cost center.