Some government departments do try but the issue is always funding or the lack of it and resources. I know of one departments who had their budgets cut and can't even do simple vulnerability scans and another big department who only have four internal audits for the whole country.
One thing that I did not see in your list was an emergency fund if you do not have one maybe also start that. I have been using Tymebank savings pocket.
Budget is R70k and I am just underneath it now took some of your advice and updated my build. I do not need that many cores but rather have them for just in case I do if for example I do password cracking.