My concern isn't so much the high cost super-secret 0-days, as the "about to be useless" 0-days (1-days?) that have just been patched, but the patches are still rolling out to people.
Also, for most people, it's not the cat photos on their phone that are of value. It's the banking credentials, business login 2FA keys, crypto 2FA, email (which allows, for almost all accounts, a password reset), etc.
I agree with that: sadly, the most pressing security risk to any consumer isn’t on my devices, but online services being breached (or disclosing) private information including passwords! Over the last years I’ve gotten data breach notifications from Equifax, AT&T, Ticketmaster, and United Healthcare (via Change.) I think the average informed tech user will benefit more from training (and reminders!) to keep your online information private than, say, telling them to avoid previewing complex file formats.
Also, for most people, it's not the cat photos on their phone that are of value. It's the banking credentials, business login 2FA keys, crypto 2FA, email (which allows, for almost all accounts, a password reset), etc.