Pantheon (https://www.getpantheon.com/) has become the new standard of excellence in commercial Drupal hosting, and I like to use it as a basis of comparison for our hosting service. In other words, if we can't provide something better, then we shouldn't be doing it.
Of course, there are differences that make comparison difficult, and one of those is that Pantheon is not a fully managed service, i.e. you need some developer time to keep things secure, whereas at Blackfly Solutions we only offer a fully-managed secure Drupal platform, what I call 'extended warranty Drupal hosting'.
So this article: https://www.getpantheon.com/blog/security-customer-success tells me that Pantheon isn't yet a comparable option for most of our clients. Specifically, scroll down to the part where they encourage developers to offer a security support offering (i.e. the thing that is included in our service), and you'll see that they estimate that at $1500/yr (i.e. about $125/month).
The alternative is also not pretty - I just moved a client to my servers who had been on their own server that they were managing. They hadn't updated Drupal core for several years, and hadn't even realized that their site had been hacked during the previous month. So the cost of not doing those security updates has the potential to be even more.
Website security is hard, with constantly moving adversaries and evolving tools. Here at Blackfly Solutions, security is a core value, not an optional add-on service.