by tptacek 6392 days ago
No, it's because you provide a choice between "we have a process that includes threat modeling..." and "we have no process", thus excluding the vast middle ground of people who care about security but don't hire consultants.
1 comments

You don't need to hire consultants to have a process. You just need to buy a book or read it for free on the internet.

You just need to think about the security implications of what you are going to do, do it keeping in mind all that could go wrong, check again what you have done, and keep a spreadsheet registering how well you are doing. And do it systematically.

I'm not saying process is bad, I'm saying you've equated process with a bunch of consulting buzzwords. You've asked leading questions. I'm just answering your question, about why I think the poll is poorly constructed.