Thursday, November 1, 2018

How do you explain the value of good networking security and enterprise gear?

I'm a volunteer for two non-profits that share an office space.

I'm struggling to explain some of the infrastructure/security changes we've done.

I hear things like:

  • My home internet is simpler
  • I want all the passwords, so I can fix it myself.
  • Who would want to hack us?
  • Our data isn't that critical, we don't need backups.

Things we've done:

  • WPA2 Enterprise - they have a lot of casual volunteer staff, and even full-time staff changes a fair bit, so this helps us avoid having to rotate keys (although I think they never bothered to before).
  • Separate VLANs/VRFs for the two tenants, as well as VoIP traffic, and also audio/video traffic
  • 802.1x for port access control and a NAC (PacketFence) - they rent out the space to other people/groups, and often have visitors in the building.
  • Layer 7 QoS - We recently upgraded them from 5Mbps/5Mbps to 100Mbps/40Mbps - however, staff still complain about speed or "general internet issues". I suspect some of this is related to cloud storage (iCloud, Dropbox, Google Drive etc.). For example - one staff member backed up 50GB of video in 2 hours but didn't realise. (I should probably implement fq_codel or something).
  • Suricata as an IDS - not sure how to explain this in layman's terms.
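An added example (not from the post) of the fq_codel shaping mentioned above, for a Linux router: egress is shaped to just under the 40Mbps uplink so a single cloud-sync upload queues here, where fq_codel manages it, instead of in the modem's buffer where it starves VoIP. The interface name and the assumption that 40000 kbit is the usable uplink rate are mine, not the post's.

```shell
#!/bin/sh
# Added example: HTB shaping to ~95% of the uplink with fq_codel leaves,
# and a priority class for DSCP EF (VoIP) traffic.
# Assumptions (not from the post): WAN interface name, link rate,
# and that this runs as root on a Linux router.

WAN_IF="${WAN_IF:-eth0}"            # assumption: WAN-facing interface
UPLINK_KBIT="${UPLINK_KBIT:-40000}" # 40 Mbit/s uplink from the post

# Shape to ~95% of the line rate so the queue forms on this box
# (managed by fq_codel) rather than in the modem's unmanaged buffer.
shaped_rate_kbit() {
    echo $(( $1 * 95 / 100 ))
}

# Print the tc commands that implement the policy (dry run).
qos_commands() {
    rate="$(shaped_rate_kbit "$UPLINK_KBIT")"
    cat <<EOF
tc qdisc del dev $WAN_IF root 2>/dev/null
tc qdisc add dev $WAN_IF root handle 1: htb default 20
tc class add dev $WAN_IF parent 1: classid 1:1 htb rate ${rate}kbit ceil ${rate}kbit
tc class add dev $WAN_IF parent 1:1 classid 1:10 htb rate $(( rate / 4 ))kbit ceil ${rate}kbit prio 0
tc class add dev $WAN_IF parent 1:1 classid 1:20 htb rate $(( rate * 3 / 4 ))kbit ceil ${rate}kbit prio 1
tc qdisc add dev $WAN_IF parent 1:10 handle 10: fq_codel
tc qdisc add dev $WAN_IF parent 1:20 handle 20: fq_codel
tc filter add dev $WAN_IF parent 1: protocol ip prio 1 u32 match ip dsfield 0xb8 0xfc flowid 1:10
EOF
}

# Execute the printed commands; run only as root on the router.
apply_qos() {
    qos_commands | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
}
```

The `dsfield 0xb8 0xfc` match selects DSCP EF (46), which most VoIP phones mark by default; bulk uploads fall into the default class and share the remaining bandwidth fairly per flow.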

Things I'm still getting a handle on:

  • They use VoIP telephony, and complain about call dropouts.
  • One of the tenants processes credit-card information, so we try to segregate their traffic. They're not strictly PCI-compliant - but they say their bank has never asked them to agree to be PCI compliant.
  • Their CRM/accounting software transmits everything in clear-text, so I'm routing that traffic over ZeroTier (as a VPN).
  • Their server room is a small storage closet - they use a telco rack, so some of the servers are stacked on top of it, rather than in it. And there's no cooling in that room - heat is trapped in there; I used a FLIR and it's around 40 degrees in there. I don't know how to get them to install cooling.
  • Set up FreeNAS to provide some kind of backup (e.g. for video data).
  • They have no redundant power, or surge protection for the server/network room. One tenant is mostly cloud-based, whilst the other runs on-premise software. For the cloud-based tenant, I suspect they don't see the value of investing in the room, as it's just "the internet" and them.
