"Enterprise" and "you know what you're doing" don't go hand-in-hand. You might know what you're doing, but does everyone else at your enterprise?

Every single devops person who can push a CL to staging (that may not get properly reviewed)? Every marketing whiz who is using a dataviz tool against a cloud storage bucket you didn't even know existed? Every support engineer who is on-call at 2:#0am and can fix a customer's problem with one tiny IAM change?

I think that is obviously the case.

That being said, one of the reasons these things sell is that the majority of people sitting behind computers in large enterprises absolutely DO NOT have any idea what they were doing.

Once you get to a certain scale, the idea that you can "just be competent" and maintain high standards and configure your boxes the right way the first time every time btecomes logistically impossible.

Liability and insurance also is a big concern for large companies. The ability to blame somebody else for your security failings and check off all the silly boxes is pretty valuable. I'm sure consumer windows antivirus software would become a big hit again if you were for all intents and purposes being legally strong armed into purchasing it.