alt Hacker NewsI see it a little differently. I would change your statement to the following:
It's not about securing your device from external threats or bad actors; it's about securing the organization from any blame / wrongdoing.
Most organizations today are looking high and low to shove the blame to others instead of taking responsibility.
It's related, but GP is still right to bring it up - it's the one question that is most important wrt. security, and also conveniently the least often asked: security for who, and from what? "Security" isn't an absolute good.