In a way the WAN port getting fried is kind of a simple surge protector (circuit breaker) that prevents the remainder of the board from getting fried too. It would be less of a hassle if the WAN onboard RJ45 jack would be easily exchangeable.
Integrating a surge protector into the board, suppose that would mean a regulator/transformer (in lieu of an external arrestor), will only work within the specifications of such protector and in the event exceeding the specified protection limits would get fried too, unless the protector has a fuse switch that pops during a surcharge and that can be reset afterwards.
I would reckon the first place is the shielding (surge immunity) of the cabling leading up from the ISP’s (also power provider) junction box to the WAN port, always assuming that either provider has proper surge protection in place at the last junction box prior branching off to the customer premises.
Apparently subsurface and aerial cabling is susceptible to indirect lightning side flashes all the same https://keystonecompliance.com/lightning-and-surge-testing/
Indirect lightning side flashes occur when the current jumps from one object to another. This jump occurs through the air and can be for considerable distances. The second type of indirect lightning strike is from a ground current. Essentially, the lightning reaches the ground and then travels to another object. The impacts of indirect lightning strikes can occur over a half of a mile away from the site of the lightning strike.
The indirect effects of lightning on electronics can be significant. The sudden rush of electromagnetic energy and voltage is carried by device’s cabling. The surge of energy can damage cables and connected components as it takes a path of least resistance. The indirect lightning effects can be originated from the ground, power lines or metal objects that the device is either connected to or near.