The truth is that cybersecurity is a broad topic with a lot of nuances. Some people dedicate their entire careers to only one facet of cybersecurity. Most IT teams are so focused on "fighting fires", they never have the opportunity to expand their knowledge into cybersecurity and risk management. In today's fast-paced, ever changing world, you need someone who is dedicated to cybersecurity.
While some may believe ignorance is bliss, not knowing what risks your company is facing will not hold up in the court of law. Many compliance frameworks require you to do vulnerability assessments periodically. Not knowing what risks are in your environment could be considered negligence. The best practice is to ensure you have a program in place to review your environment periodically and to always be making strides towards improvement.