These costs don't include the cost of provisioned IOPS, right? Without provisioned IOPS, the I/O performance is going to range from "very low" to "low", not "low" to "very high".
If you view money spend on reducing risk that ended up not being fulfilled, I believe you are correct.
However, one major component of businesses that private individuals do not understand is the value of risk reduction. In a major sense, many businesses are in the business of reducing or quantifying risk.
To an individual, it may not be worth $100k to make sure everything runs correctly. To a business, that might be an easy decision.
It is especially compounded because private individuals don't typically calculate the cost of their time. If a business can spend $100k to make sure their website doesn't go down, their ROI calculation is: probability_of_downtime * cost_per_unit_downtime + cost_to_fix + cost_to_report_causes + cost_to_explain_why_it_happened.
At $100 - $300 per hour per employee, costs rise FAST.
Businesses need to control risk, and will pay money to do so.