I think the bigger issue for a company is the support you can purchase. Red Hat has lots of commercial support while Debian has much less since it is a community distro.
The other issue is frequency of upgrade. Debian supports it's stable branch for one year following the next stable release. Releases are typically ~2 years apart, so you would have security updates for about 3 years total before you'd want to upgrade. Red Hat has a roughly 7 year
life cycle (though I think the production 1 & 2 phase are equivalent to Debian's support).
As for security, it's probably a wash as long as you're applying patches and sticking with Red Hat Enterprise or Debian's stable branch.
The real difference between the two in terms of management are the tools available. They have different package managers and different underlying helper applications for configuring hardware, networks, etc.
If you have the expertise in house, either CentOS (RHEL clone) or Debian will be fine. If you want a paid subscription where you know someone will help you setup and maintain the system, you probably want Red Hat.