So to recap: Security systems are physically insecure, and to what degree they have been compromised is something that should make you second guess your safety. If my original post gave the impression that all systems were compromised, then I apologize, but the number is almost certainly non-zero.
One idea to fix this problem, and give deckers more to do, and make security systems a bigger part of the game, and make it so deckers could work together would be to eliminate the physical configuration. So, here's how I would approach that.
Start with devices. Give each a unique address. Make all the code go through the address lookup when talking to devices. Populate the table of existing devices with their addresses. Replace all the devices with their present addresses so everything works the way it does now. Now if a device address changes, the security system will need to be reconfigured. Make it so a devices address can change.
Add a menu based configuration system, similar to how employment terminals work. Allow -authorized- users to add and remove devices by address (not by the device itself, but by the address of the device which CAN change!). Remove the scan/unscan verbs entirely, replace it with the menu. Make them also able to modify the address, and the device password from the menu system. Prevent access to the menu system without a password.
Now with these two changes, all that we've done is make signal routing address based and addresses are tied to devices, and we've made that routing configurable through a menu interface instead of the scan/unscan verbs. So far, nothing really has changed, except that you can tie two devices together without them both physically being in the same room if you know one of those devices addresses.
Next, make a deck. Allow a decker using a deck to type in the address of a device to access. Prompt them for the password. Upon success, give them access to the menu. This works even when you are not in the same room as the device, making the deck the security expert's critical tool.
Now you can configure a device even when your not in the same room as it, IF and ONLY IF you know the device's address, password, and own a deck. Now deckers can work from home after the initial setup, but will still need to be on site for a compromise.
Now for the fun part!
Buy a firewall. (We will assume for game balance reasons that these are one time use items.) Install it on your device via the deck (the only way to install a firewall on a device is with a deck). Type in the address of the device, and select install firewall.
Buy ICE (also can only be installed once). Install it on the firewall of the device. Type in the address of the device, and select install ICE (does not work without a firewall). Do a skill check to see how good the ICE is.
Buy a virus (one time use). Attack the device. No firewall? A password spoofer virus is cheap and effective. Firewall? What virus you want will depend on what ICE they have installed. Start with a scanner, see what their firewall looks like. They have Safe? Run Drill. They have a SeeingEye? Run Inviz. Your skill check will be checked against the installers skill check to see if they bypass the ICE. If they do, it's one less thing in the firewall to bypass. If they don't, they run a risk of alarming. Make this a timed operation before your 'caught'. Make how long before your caught a function of your skill over the firewall installers skill.
Upon knocking down all the ICE in the firewall, run a skill check to see how long you get access for; Anywhere from a few seconds to hours.
Fail a skill check along the way? Take damage!
Finally... Upon gaining unauthorized access to the system, allow them to modify the configuration -temporarily- in an overlay setting. They could, for instance, route a hub to their own workbench, which would allow them to their workbench for the duration of the hack. When the timer runs out, the 'normal' configuration is restored.
Here's what I like about this.
First of all, it makes deckers relevant. Highly relevant. They would be required to effectively set up a building's security system and maintain it on an ongoing basis.
Secondly, it would close the massive exploit in existing security systems (at least ones that were properly protected, and I assume that the corps would have protected theirs by now having had them for so long).
Third, it would give deckers new roles, create new highly sought after items for trading, and new ways to secure systems.
Fourth, it opens up new opportunities for creativity in terms of ways of securing and attacking systems, depending on the rules of the game. Maybe you don't care so much about your camera feed, but you'll be damned if they can get access to your door, so that's where all your ICE goes. Conversely, maybe you don't have to get access to his door if you can see inside the place to accomplish your mission.
Fifth, it fits entirely within the theme, within the game, within text, without building all new systems, utilizing the existing code and infrastructure that's already built out, and without really changing much about how things work today. It's just an enhancement to security systems. That's all.
Sixth, it's very easy to balance. There's so many points of balance, starting with the addresses. Don't know a devices address? You can't even start to hack it. Period. You'll need a security scanner device for that (which are also in the game) just to get it's current address. And when it's discovered that the address has been compromised, it can be changed by it's rightful owner. Then the ICE of varying configurations and needing to buy viruses. And then there's the configuration of the firewall itself with the ICE. There could be passive ICE which isn't seen but alerts the authorities on a failed skill check. Or broadcasts a public SIC. Or just straight up doubles the damage of the active ICE. There's also 'deck armor'. The list of possibilities is limitless.
Seventh, it can be implemented in phases. Start with device address routing. Make that work so security systems work exactly the way they do now with addresses that can change. Then add the configuration menu that replaces scan/unscan, add changing of device address and password, and remove the scan/unscan verbs. Next, make the deck, give it the ability to invoke the menu remotely via the address. So far so good. Next up is firewall and ICE and overlay configurations. Make those work but bypassed via physical configuration, so deckers can be broken but security systems and installs still work. Get that working right. Once you've got basic hacking done, add more software and more software features; Active ICE. Passive ICE. Deck armor. Firewall scanners. Release these into the economy. Watch people scramble to become the hottest decker. Corp sec and hacking groups is the obvious start, but where does it end?
Finally... it gives deckers a reason to work together which seems to be what people are hungry for (albeit for very little gain in some cases). You can only be cracking/configuring one system at a time... a time consuming and potentially deadly task. Having someone else work on another part of the system could be invaluable, and it does't require any clunky, unrealistic mechanics.
In Cyberpunk, deckers should be feared the same as street sams, if not more so. I think this would be a great start on the road to that.