Because security experts seem to have this slight dismissive attitude about companies' and individuals' attempts to do security, while not usually having answers or providing secure systems.
Sadly most so-called security experts are not hands-on professionals but hands-off "cybersecurity persons". They do not do any real work themselves, they only generate useless busywork for others.
There are people in that category who are not hands-on themselves but still have sufficiently deep understanding of technical details. But as one might guess, they are about as common as four-leaf clovers.
