It's valuable feedback to keep in mind; A host should be concerned with how a customer feels about their hosting environment's security.
However, it is often the site code's vulnerabilities that are exploited and not the hosting infrastructure. I think this article hits the nail on the head in regards to this issue from a web host's perspective without being condescending: http://perezbox.com/2014/11/how-hosts-manage-your-website-security/
(The article addresses how other third-party security add-ons like Sitelock works briefly and it's not much different from the preventative blocks a typical host employs.)
That said, a host can definitely have vulnerabilities and they absolutely should address those quickly and swiftly. As for what you can do, keeping your WordPress, plugins, themes, and any other things you add to the site updated really is the best preventative measure when coupled with some of the other suggestions here: http://codex.wordpress.org/Hardening_WordPress
Regardless, peace-of-mind for customers is important, so I'm not trying to dismiss your point at all or anything. Maybe it would be beneficial for them to employ a third-party solution like you suggested to improve the customer's perception.