Some folks in our industry do use exploitative sales tactics, but that is not fair blanket statement. Services like preventing phishing, for example, are a big deal and I don't think I have to convince anyone it is a real threat. Most of us just use honesty about actual risks, not FUD. Just making people aware of security as a concern, from HR to developers can have a big impact and mitigate real risks.
