At some point the project CEOs might regret not paying larger rewards when they notice that the bug hunters become information sellers.
The feeling that you are paying for the security team and the people who are active in searching for bugs is terrifying because it is a double-edged sword.
If you put a prize of $50,000 to hack your site, you will attract hackers to try to hack your site more than what would happen in the normal situation.
In short, it is the economics of cost, as profits are in exchange for security, and therefore many CEOs do not care about the privacy of customers and their data as long as a reasonable profit is achieved.
Thus, you will find that most campaigns focus on deep bugs that may lead to losing their money.