There are many reasons, but here’s the top one for me:
Attackers only have to be successful one time out of as many tries as they want to take to compromise you. On the other hand, defenders have to be right every time they are attacked; otherwise, there is a huge mess to clean up and blame will come your way.
Here’s a close second reason:
There are always more facts about your context as a defender than you can possibly know, and you always wonder if you know the most important ones. That includes the nuances of every technology on your stack, the critical processes that run through that tech, and the latest vulnerabilities you haven’t heard about yet.
It can be overwhelming just thinking about it!