From my past uk financial security experience - security personal can highlight and raise risks with any decision made by the business or other techies.
the higher the risk the more hoops you need to jump through for security sign off (to the point where they will not sign it off) and higher the risk, the higher up the food chain of managment that is needed to sign it off
obv if the execs are not bothered about security then anything can happen
but if something goes wrong a big finger will be pointing at that person who signed it off - which seems in it self a massive deterrent
the higher the risk the more hoops you need to jump through for security sign off (to the point where they will not sign it off) and higher the risk, the higher up the food chain of managment that is needed to sign it off
obv if the execs are not bothered about security then anything can happen
but if something goes wrong a big finger will be pointing at that person who signed it off - which seems in it self a massive deterrent