Not entirely.Of primary importance is the fact that the user is the greatest risk to the security of their own systems and data. Whilst the entire business of hacking and exploiting systems has moved inexorably from teenagers in their bedrooms to organized crime and state sponsored actors, the risks have changed greatly. Today, the primary aim is to exploit holes in corporates, and particularly those systems which contain user data. There's far more profit to be made from social engineering vectors than direct attacks, and users are far more vulnerable to phishing and scamming.
The aim is to spray everywhere and you get what you get.
If you're a corporate, sure you're going to be phished, or otherwise explicitly targeted via higher effort, customized attacks.
If you're a nobody you're still liable to getting owned via a browser exploit of a hacked site you visit. A site that was likely compromised via worm launched from a botnet. Or an SMS exploit, mail exploit, etc.
Nobody is safe from attack, because it costs so little to basically target everybody via website compromising worms, etc.. The effort required to target YOU is basically zero. Prepare appropriately.
Assuming you aren't a target is the biggest security mistake you can make.