In our modern age, security is a feature. You can sell it. If you get caught without it your brand and your customers can be hurt. So, why are there so many insecure websites, web applications, and web services? If product managers and product owners had security in mind as a feature would we be in such a sad state of affairs?
Just look at the last short period of time. Social engineering and research were used to get into celebrity data, Home Depot became the latest major retailer in a long line to have credit and debit card information stolen, and HealthCare.gov was even breached. This isn't just for the large and visible. I'm aware of many small sites and applications who've been hacked.
A Foundational Feature
Security is a foundational feature when something is being built. You need to bake security in from the beginnings. It's not something you can easily bolt on later. When you lay the groundwork for an application start with security in mind.
Security Improvement Sprints
I've heard of agile scrum sprints to work on features, fix bugs, and even remove code debt. There should be regular sprints focused on improving security.
To come up with features for the sprints look at how other products are handling security, look at companies like CloudFlare, and perform a threat analysis of your own setup. At any given time these will provide a long list of features to work on.
Market the Security
Once you've made of point of securing your products and services take the time to talk about and market the security. There are a lot of people who want more secure setups. Let customers, users, and those would could be customers and users know what you're doing.