
Hmm ...
"Firms were also told to keep regular offline backups, segment their networks, promptly apply security patches, test their incident response plans, and use the services of a third-party penetration tester to identify any potential vulnerabilities missed by internal staffers."
Meanwhile, in the real world, firms will continue to beef up their legal teams, hire more spin-doctors, and recruit better snipers to take out any approaching messengers.