At the time they were hacked, at least according to multiple sources, Sony had no firewalls and were using old versions of Apache and RedHat that hadn't been updated to the latest security patches. So yes the Sony sysadmins are incompetent, but I think the leaders at Anonymous are a bit smart too. You also have to consider that if 100 people are looking for a security hole in the same piece of software, they're probably, eventually, going to find it.
Neither, making a 100% sure that every security hole is plugged takes time, and as such money. Corporations simply do not want to pay extra for this (in most cases).<p>The Anonymous guys on the other hand do it in their free time and as such have a far greater amount of time available to find bugs than the developers had to find&fix them.<p>On top of that most "hacks" by Anonymous are done using automated tools that find and exploit SQL Injection vulnerabilities. Combine that with that Anon doesn't publicize about the times they don't get in, it's easy to make it look like you know what you're doing. But if they find a SQLi vulnerability in 1 in every 10.000 websites they 'test' it's suddenly not that impressive any more.
What may seem easy, may not be. When written down and explained, things often sound trivial (so do the Anonymous hacks too), but it often takes a lot more than trivialities to actually do it.<p>They're not super smart, nor are the Sony developers/admins super incompetent. They're just average people making mistakes or taking advantage of others' mistakes.<p>Could Sony have done better? Yes, of course! They made some very stupid mistakes. Does that make the admins incompetent? Not necessarily. Nor do the holes in their systems make Anonymous super-smart.
I'd go with the latter. Remember, the highly paid web guys at the large organizations find out about alot of the 0-day attacks around the same time the rest of us do.