Not everyone attacking your systems is going to have the skills or knowledge to get in though - simple tricks (like hiding what web server you use) can prevent casual attacks from script kiddies and others who aren't committed to targeting you, freeing your security teams to focus on the serious threats.
And this is based on what evidence? It also defies logic. By definition script-kiddies run scripts. If you remove the identification those scripts can no longer identify what is running, and therefore will continue to attack it.

What would be useful is to replace that with alternative "disinformation" headers so that the script-kiddies' scripts will get a positive result, but that result will not be what they are looking for, so they will go away. Until having disinformation headers gets the same "old wives' tale" status as "remove the identifying headers". At which point either course of action is a waste of effort and $$$ because the script-kiddies will just ignore it as it will be just as cost effective to run the exploit and see what happens.

In other words, simple tricks are exactly that. They usually do exactly the opposite of what the "simple tricker" thought they were doing, or do nothing useful at all. Which means that effort and $$$ have been expended at best on a useless endeavour, and at worst one which increased the very activity it was designed to thwart. One would have been far better off putting the $$$ in the slush-fund and using it when some particularly persistent script-kiddie showed up so you could afford to add a filter to the firewall.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.