If your companies top priority is to keep data secure, they how/why did you get hacked. They always say that, but clearly that is not the Top Priority
I see you're doing your part by not using dangerous apostrophes where they are needed!
Implicit in any company's statement that security is their top priority is the large bundle of compromises that don't go away whether or not that is your top priority. They could make the data perfectly secure by disconnecting the servers and putting them in a bank vault. They could make sure the data can't be breached by simply destroying all of it. See?
Security can be your Top Priority, but it has to be done in the context of things like still making it available to users across the internet. Doing it while not going bankrupt. Making the service competitively priced so that it can actually be afforded and put to work.
They could have said that the system could only be used on equipment they ship to their clients, connected to the back end through a hardware-based dedicated VPN with biometrics, dongles, and constant nagging by three-factor comms surrounding every time someone hits the enter key
They may very well put security at a higher priority than chipping away at a long list of UX updates, performance under load, documentation, multi-language support, and a thousand other things. Doesn't mean that doing so means they'll be perfect in their security results. Ever run a business like that? No? Give it a whirl. Make security your top priority, and then start paying attention to what that decision means in real life - including in your ability to get and retain customers during that balancing act.