I guess it probably depends on your business and funding approach as well. We were selling B2B and lots of our larger customers required compliance with ISO27001 or similar, so we had to get some proper processes in place for that too. I'd imagine that any investors would require this too, but we were bootstrapped, so I'm not 100% on that.
Started off feeling fairly unnecessary to me, but actually it made more sense as the business grew and new people/departments started bringing in new risks that I was less familiar with.