I don't understand the problem. The incentives seem to be aligned.

The IdP company makes money off their security product. This means they are more likely to invest into security, because it's their business that is at stake.

Meanwhile the average company doesn't make money off a secure authentication flow. They make money from selling their SaaS product. Their goal is to spend as little on security as possible.