@geraldjoyce312 The fact is HSMs are used for all sorts of Financial Institutions around the world, for regulatory requirements etc. The fact is many vendors would not like this type of information to be available in the public realm - bad for business and reputation, trust etc.
Based on this link: https://searchsecurity.techtarget.com/tip/What-are-the-biggest-hardware-security-threats
You can perceive some of the issues from going from manual to automation processes in terms of assurance, balanced carefully in terms of mandated regulation, especially in the payment and transaction space.
Or even using Cloud based HSMs. I once saw one situation, where by the management interface was actually left exposed on the same public VLAN, which caused some internal issues for the organisation involved, especially as the client actually found it themselves and were actively using the services to use Cloud based HSMs, using a mobile device. It was solved very quickly indeed as you can imagine.
Other links I have uncovered are:
Other major factors are going to be misconfiguration, human beings and errors over time.