That's probably true for consumers. For large, global corporations, IPv6 is a million miles away. I've worked with several, and they all have poorly managed kit, vulnerabilities everywhere, poor documentation/diagrams, poor performance, millions of firewall rules, tons of vendors to connect with, outsourced wireless vendors, remote access solutions that are a byzantine security mess, ... IPv6 is suicidal for most large organizations beyond ok we can speak IPv6 for a small part of the infrastructure. Add to this the recent deluge of VPNs everywhere (probably due to WireGuard) and container networking, IPv6 would be a recipe for disaster. Security is difficult in this scenario, in part due to the people implementing this stuff don't have a good handle on what they are doing.