Who do you think is responsible for detecting a breach with that 0day? How about containing (and ensuring your believed containment is effective) and eradicating it? Would you rather have a dedicated security team do this, or would you prefer to have your devs wipe and rebuild naively, hoping they got everything? Even if you go MSSP, do they know your network?
Security is just as much (if not more) responding to a breach effectively and quickly as it is preventing one.
Security is just as much (if not more) responding to a breach effectively and quickly as it is preventing one.