Actually, IMO current security tools should indeed be able to stop most attacks, if used correctly. I think anti-exploit and sandboxing, are probably the best solutions. Of course, older technologies like white-listing and firewalls are also still important.
From the same survey So when 58% think their IT-infrastructure might have been breached by a foreign state attack or an APT, how can 78 percent still be confident that FW + AV are robust enough to combat today's advanced persistent threat, considering a sponsored state attack is an example of an advanced persistent threat. That's strange, so let's read the report, and find out what it actually reports to question This makes sense, the blog quoting this research uses it in a suggestive manner