the number of confirmation that you wait for depends on the risk you are taking. and the risk depends on the person you are trading with, the amount of the transaction, type of the wallet you use and also the network status.
1. if the person you are trading with is known, for example when you are buying a house and have contract with the payment address and transaction ID written inside of it. the risk is lower so you can ask for lower number of confirmation
2. it is somewhat obvious, for example someone sending 0.001
BTC doesn't have the power or incentive to reverse this transaction but someone sending 10,000
BTC may have that power (mining power) even though it may be nearly impossible and easily detectable.
3. when you are running a fully verifying node (like bitcoin core) you get the benefit of fully verifying everything yourself without relying on anybody else, this increases the security, for example you can detect chain splits yourself and do it fast. but when you use a Simplified Verification node (SPV like Electrum) you are relying on the node you connect to to give you correct information. for example if a fork happens your transaction may be on a wrong chain and you find out about it much later so you have to wait for more confirmation.
4. network status is the status that bitcoin network has for example currently everything is normal, but back in July 2017 there was a big risk of chain split because of UASF, SegWit, BCH fights so the recommendation goes up to 30+ read more here:
https://bitcoin.org/en/alert/2017-07-12-potential-splityou can read this:
https://bitcoin.org/en/you-need-to-know#instantand bitcoin paper section 11 (page 6) for more information.