I'm not really sure what point you're making. Is the point that it is harder to to secure more things? Is it that security events happen more frequently the higher your number of employees goes?

If so, I bristle at this way that many developers (not necessarily you, but generally) view security: "It's red or it's green."

Attack surface going up as the number of employees rises is expected, and the goal is to manage the risk in the portfolio, not to ensure perfect compliance, because you won't, ever.