Yes, it's a top line item for a security testing firm.

Good security standards and practices are known. A good posture here puts you in good shape to easily circumvent and shutdown a direct attempt on someone gaining access.

That said, have you looked and what makes a secure password now?

"Hey! How do we keep our private data both secure and private?!"
"Let's copy it up to a cloud storage service!"