Whether a company decides to issue a utility token or a security token really depends on the business model they are looking to achieve and how they intend to tie in to regulations in the states they will be operating in.
At one point in time you could get away with an ICO that would pay out dividends (clearly a security), and there wouldn't be too much fuss because the ICO phenomenon wasn't big enough. But now, with global regulators cracking down on securities and making sure that any company selling securities complies with local securities regulations, genuine consideration should go into whether or not your business model can support a utility token.
Some organisations, Paypie for example, went the route of a utility token and are now having to actively work with their local (Canadian) regulators in order to show that it is a utility token and therefore exempt from security regulation. In order to do this, they essentially need to complete their platform and show the use case of the token. The whole concept revolves around how their token will be engaged in the platform.
Another example would be Caviar, who have decided to release a token that will pay out dividends based on the performance of the organisation. As such, they don't need to focus on a use case for the token, as it is only there for passive income. They do, however, have to put further consideration into the markets they are going to be allowed to sell their tokens to (they were pinged by a US state regulatory office for having sold a security to a US citizen). They are now having to complete a full KYC audit in order to ensure that no tokens were sold to persons in states in which the sale would not be legal. Every country has a different regulatory framework for securities, and the level of regulation of, or interference with, the market is different, so there can be a lot of work involved in protecting your business from attracting unwanted attention from regulators.