Integrating security into the entire development process beginning at requirements, continuing in design, implemented in coding and verified in testing, MUST become a part of our development DNA! Creating great threat models is going to require that the threat models be part of your development process, not just documents that sit on a shelf. Working to ensure that threat models are widely consumed is important.
Back to your question. My personal experience is that people are aware of the security aspects their systems are facing but they don't know how to share their concerns effectively with all the stakeholders involved. In the past, I worked for an organization operating globally which took cybersecurity very seriously and put incredible effort to introduce the Threat Modeling into the development life cycle... and they succeeded! And more companies are joining this path opening the door for producing software that's secure by design.
We at www.sparxsystems.eu
can help Security Experts build a more dynamic security ecosystem.