[trashb]

I see it a little differently. I would change your statement to the following:

It's not about securing your device from external threats or bad actors; it's about securing the organization from any blame / wrongdoing.

Most organizations today are looking high and low to shove the blame to others instead of taking responsibility.

[TeMPOraL]

It's related, but GP is still right to bring it up - it's the one question that is most important wrt. security, and also conveniently the least often asked: security for who, and from what? "Security" isn't an absolute good.