because cloud security (and cloud configuration in general) is hard.
people check in sensitive stuff to github repos all the time, misconfigure IAM policies just so that it works (capitalone).
It is a new and ever changing field, there are many cloud vendors and their product line and configurations change all the time - meaning it will take a lot of time until majority of IT specialists become familiar with configuring secure cloud and majority of users of those cloud services will not make security mistakes.
That only covers some cases, not the absolute of everything in the cloud eventually being hacked. Plenty of people are competent at secure cloud based systems. Your claim and your support don't match. I expected this to go more in the direction of: cloud providers are such big juicy targets they'll just be infiltrated by advanced persistent threats who in turn gain illicit access to everything hosted.
It is a new and ever changing field, there are many cloud vendors and their product line and configurations change all the time - meaning it will take a lot of time until majority of IT specialists become familiar with configuring secure cloud and majority of users of those cloud services will not make security mistakes.