I would go with a company that has a reputation. If you go find some randoms in an IRC channel they might take advantage of anything they find. A little crowdsourced service that offers rewards for finding vulnerabilities in your system might be a success but good luck managing that and dealing with the people you got tricked into hacking.
One thing to consider is the password manager generated security questions. Half the customer service agents out there will accept "it is just a bunch of random characters i typed". Security questions should go the "correct horse battery staple" route.
My security answers are often random "junk". I've tried to social engineer my way into my own accounts a couple of time - and all of them have insisted on me reading out the full "answer".
This doesn't work for Wells Fargo, at least IME as of 9 months ago. I didn't have access to my main password manager (only a phone, I was on a trip), but they did just accept my answer of "random chars generated by a password manager". After that, I went and changed security answers on anything important, I just made a script that pulls random words from a dictionary.
While some services are secure, without testing it isn't safe to assume that any particular service is. And even with testing, it can vary depending on the particular CSA. So in general, I don't think this is a good idea, since there is no way of knowing if any particular service will be secure.
Here in the UK, it seems that most reputable organisations are GDPR conscious. I've deliberately got my birthday slightly wrong to see what they do - 100% of the time they refuse to proceed.
One thing to consider is the password manager generated security questions. Half the customer service agents out there will accept "it is just a bunch of random characters i typed". Security questions should go the "correct horse battery staple" route.