Agreed. As an ISO 27001 auditor I see a growing demand for security compliance certification / attestations (ISO 27001, SOC 2), and it's client driven 95% of the time. So, in the end, it’s often worth it to go ahead and do it.
ISO 27001 is more affordable (2k-3k for audit, and an additional 1k-3k for an external provider to manage everything for you); SOC 2 will set you back at least 10k.
Third-party cyber risk management is a hot topic in cyber security at the moment. If you want people to buy your solution, you need to be able to demonstrate you have appropriate information security controls. A good way to do that is ISO 27001, all the way up to SOC reports.