These frameworks don’t guarantee security, but there is a stark difference between companies that do this and those who don’t. Companies that follow these frameworks are at least attempting to be secure.
In my experience, the companies not following these frameworks aren't even _performing_ security.
Everyone here is correct that you need more than just these frameworks/audits to be secure. However, most companies that are secure following these frameworks. If you're secure, these frameworks are a no-brainer to certify against.