I'm eager to see what people here have to say about this poll, but it's so badly constructed that I'm not hopeful about the quality of the results. I've thought about posting a similar poll, but it would be self-serving.
No, it's because you provide a choice between "we have a process that includes threat modeling..." and "we have no process", thus excluding the vast middle ground of people who care about security but don't hire consultants.
You don't need to hire consultants to have a process. You just need to buy a book or read it for free in the internet.
You just need to think about the security implications of what you are going to to, do it keeping in mind all that could go wrong, check again what you have done, and keep a spreadsheet registering how well you are doing. And do it systematically.
I'm not saying process is bad, I'm saying you've equated process with a bunch of consulting buzzwords. You've asked leading questions. I'm just answering your question, about why I think the poll is poorly constructed.
If you do, I can ask the moderator to delete this one.