Alik is out in the field helping customers bake security into their product cycles. Of course, customers ask how much does it cost to implement Security Engineering practices? The answer is, of course, ... it depends. The flip side is, what's the cost of NOT doing it?
I think understanding the cost of NOT doing it is important because it gets you thinking about risk and impact. This sets the stage for an informed business case for security. While your business case mileage may vary, you'll get further with it, than without it.