A larger company is more likely to have its security comprimised. If you have 100,000 employees or more, chances are there are people outside IT with the both the technical knowledge and lack of moral fiber needed to do things they shouldn't. That's not so likely in a non-tech company with 20 people. Secondly, it's a certainty that large companies like Microsoft & Boeing are targeted by skilled hackers every day, while a small company who serves only local customers may not be.

Still, that's no excuse, because the possibility of both scenarios exists for all organizations regardless of size.