Western companies have the exact same problem though; I've dealt with plenty of incompetent people there too because the organization does not reward technical excellence and quality, so it is completely pragmatic for employees to focus their time on the things that are rewarded (engaging in politics, etc) instead.
During the startup/ZIRP era there might have been people doing the "right" thing because they had skin in the game thanks to stock options or they were paid just so fucking much that they didn't care about putting in the extra work. But as total comps go downward (coupled with inflation) the output's quality tends to regress to the minimum acceptable.
> I've dealt with plenty of incompetent people there too because the organization does not reward technical excellence and quality
Organizational dysfunction transcends all boundaries, but to a certain extent the kind of issues that lead to the kind of incident such as the one above happen because the affected product (e-Dukaan) is viewed as a cost center by Tata Motors.
Sadly, in most cases, a lot of security will always be viewed as a cost center and never prioritized unless forced to due to insurance, audit, or regulatory pressure.
That said, a thesis I've had for a couple years now is that if we can successfully shift-left by turning security into a DevTool problem as well as an organizational problem, we can both reduce remediation time as well as build stickiness for security products. The AppSec category has definetly adopted this kind of mindset.