I mostly agree with your point but I would say the exception is when the success of the company is closely tied to their security practices or their security features are their business. Okta being a good example, when it took a 10% drop after the breach last year.
> I mostly agree with your point but I would say the exception is when the success of the company is closely tied to their security practices or their security features are their business.
The problem is bad security practices don't become clear until it's too late for the customers. A company can coast on reputation for a long time, while its stuff fails to keep up in non-obvious ways.
