There’s actually published evidence of exactly that!
Where Do Security Policies Come From found that the websites with the most aggressive policies were those with the least incentive to make the system easy-to-use. Big sites like Facebook and Paypal somehow manage to be safe without the strict password requirements of <random university intranet here>. Likely because they have financial incentive to make their systems easy-to-use.
Where Do Security Policies Come From found that the websites with the most aggressive policies were those with the least incentive to make the system easy-to-use. Big sites like Facebook and Paypal somehow manage to be safe without the strict password requirements of <random university intranet here>. Likely because they have financial incentive to make their systems easy-to-use.
https://www.microsoft.com/en-us/research/wp-content/uploads/...
(Disclaimer: I know one of the authors)