Definitely not the case. Huge numbers of SME clients evaluate tendered work on visual inspection alone. I've only had one or two clients ever (having worked in-house, contract, and for an agency) have had any knowledge of cyber security.
I think the hypothetical above is very reasonable. Lots of technical vendors will elect to shift blame. They should take responsibility for their issues, but they often don't.
I think the hypothetical above is very reasonable. Lots of technical vendors will elect to shift blame. They should take responsibility for their issues, but they often don't.