Not even SOC compliance, just liability of a company.
If stuff fails and the company gets sued - they will have to prove that they "follow industry standards", because if they don't follow industry standards then all kinds of bad stuff can follow.
If you get ransomware and have insurance - see the exclusions - you have to have EDR software on each server, otherwise insurance won't pay.
Not following industry standards in terms of code - the same: no insurance company will pay if they catch you just doing stuff.
So running a business is all kinds of BS, and it is not optional, and just slinging out code is not enough.