"How do you manage security keys?"
"What encryption do you use?"
Unless you are self-employed, they are massive questions full of nuance and probably have 50 different answers on 50 different systems, but these companies believe they have the right to ask.
I know we can use a Security-as-a-service company to answer these on our behalf but I wondered what more established companies do? Do you just say, "here is the standard security page and that's all you're getting", or do you also spend many hours answering "what backups do you take?"
Pricing should reflect both the cost of providing responses to security questionnaires and a healthy profit from doing so. And it can. Even if it costs you customers because that's part of the base cost in your pricing.
And it probably won't cost many customers because anyone asking you to fill out a security questionnaire is price insensitive enough to pay salaries (or consultants) to do all the dull work of creating questionnaires, figuring out who to send them to, sending-receiving-pestering-etc., and maybe even doing something with the results. And that person has a manager.
There's a river of money there to grow a questionnaire response profit center.
Good luck.