
Here in the EU cybersecurity is actually being regulated, with heavy fines to come (15 million euros or 2.5% of global turnover!), if it wasn't already. Look up the CRA and the NIS2.

Things may well reach a point where, elsewhere in the world, finding out that some software is for sale in the European Union is itself a marker of quality, and therefore justifies some premium.



These are good developments, but it remains to be seen how much of an impact they will have. Software developers will have to follow a bunch of “best practices”, but there isn’t a requirement that they are good at them. There are no fines for producing insecure software, only fines for not following the rules.

Software providers are also likely to be specifying narrow “fit for purpose” statements and short(ish) support windows. If costs go up too much, people will be using “inappropriate” and/or EOL stuff because the “right thing” is too expensive.

To be clear, this is a step in the right direction but is not the panacea.



