Broadly, yes, almost all NFC based access systems are insecure and pretty broken. They mostly operate via security via obscurity, and the fact that anyone serious about security that deploys these systems will put a huge amount of effort into identifying one of an actually secure systems. More likely they will pair the NFC element with multiple other secure elements, such as photo badges, big security humans that demand people keep their badges visible, and card + pin entry on all important access points.
A big part of the reason why these Apple Wallet systems have taken so long to appear is because Apple seems to refuse to integrate with any system that isn’t built using secure cryptography. Turns out there aren’t many systems out there that use strong cryptography, rather than cryptographic systems that have been broken for decades.
Actually getting information on how any particular system actually provides its “security” is extremely difficult. Mostly you have to figure it out by being familiar with the different systems out there, and different NFC systems. Then it’s possible to parse the marketing terms into actual technical specifications that might give a hint at how a system works. The only sure fire way to find out, is to buy parts of the system (such as access tokens or readers), and evaluate the hardware using various NFC and RFID hacking tools to figure what manner of awful design this particular system uses.