[wepple]

It’s a spectrum. There are companies that absolutely care with every fiber of their being, and those that couldn’t care less.

Now that “cyber” is a thing that can lead to a CEO losing their head, most companies are roughly in the middle somewhere. Sure, there will be a fall-guy and finger pointing, but it’s better to at least not be completely negligent.

“If the risk can be transferred to other parties” - that’s pontentially a business avenue OP wants to pursue. AcmeCorp can buy OPs shiny datascienceDefender(tm) network monitor.

A lot of tech-first companies (and don’t forget, some legacy companies are desperately trying to become these) care a massive amount about security, so there is definitely volume of work with people who genuinely want to improve the state.