Who do you trust more? Your isp, or a random vpn Company that not only own one vpn-service, but surprisingly many. (Nord security owns NordVPN and Surfshark, Kape owns ExpressVPN and Cyberghost). And wouldn't it be need if you, as NSA, would have a direct connection to the data people concerned with there privacy? It's not like their "no log" policy really exists if the have to write logs by law.
But if you don't use a VPN with military grade encryption hackers can steal your money from the banking website that only uses military grade encryption!
Considering Nord (and most VPNs, especially the ones that advertise themselves) are all owned by one company, who has a huge conflict of interest (they're an ad company) with VPNs to begin with.