They are technical debt with no monetary impact, however. If my servers crash and I have downtime because customers can't use my website or product, that's a problem. If I suffer a massive security breach and lose all of my customers' personal information, I am not going to face any consequences.
That's the whole point - if we look at the consequences of historical major breaches, they generally don't result in a large number of customers actually leaving the company.
And on some level that's even appropriate as generally the whole industry is vulnerable, it's reasonable to expect that the competitors have just as bad security as the breached company, they just didn't get breached because they weren't targeted by this particular attacker or because their breaches aren't (yet) detected or because they managed to hide and not publicize that breach.
The 2013 data breach at Target is a good example of the worst-case scenario because it was the first major widely publicised case, all the newer ones had far less effect because people start to understand that the breached company is not unique (like they thought in 2013 about Target) and even then they lost just ~2.5% of customers, and regained the customer confidence after 2-3 quarters. So even in the worst-case scenario, 97.5% of customers won't drop you, and any effect is short term, as the Target case demonstrates.
Also, with tech companies... growth is such a huge part of valuation and business plan that they will focus on acquiring new customers rather than retaining existing ones. If you are growing 5-10% quarter over quarter, losing the 2.5% isn't really going to hurt that bad. It also is easy to explain churn if you have a breach, the board will go "oh, that makes sense" and move on.