Ok this is a _fascinating_ comment. (thanks for the discussion as always by the way!)
Is there a link between the market for security engineering talent and the leverage that the security engineers have within their organizations? Are you seeing anecdotes play out in the industry that inspire hope that the balance of power in business decisions is shifting toward the engineers?
I don't think engineers automatically agree with you that organizations should pay less money for the services they're working on, is the issue here. It feels like a lot of people on this thread are convinced that Very Annoying Things are, per se, moral catastrophes. But they aren't. Services cost what they cost.
A literally equivalent way to look at the SSO tax is "the no SSO rebate". As a security engineer, I'm not prepared to launch a moral crusade over SMBs who don't adopt SSO on all their random SaaS apps; meanwhile, we're SSO on everything, and it costs us extra money, and that's life in the National Foosball League.
Since the whole point of the SSO tax is to segment out small companies from larger ones, mass adoption of single sign-on by small companies is a problem that will solve itself, as SSO stops being a good segmentation signal.