Here’s a great example of the vast gulf between consumer and government security standards, at least in the US. This vendor, as an example, must provide an auditable set of security standards in order to do business with the government.
Why can’t we, the public, demand a similar set of standards for social media, online commerce, public cloud hosting, etc.
See: Internet Bill of Rights.
Who would audit such practices?
Food for thought!