[dnbgfher]

Absolutely. I didn't mean to imply otherwise. I don't expect companies to be able to stand up to dedicated attention from a nation-state.

What I was trying to say was that that doesn't relieve them of their responsibilities to minimize the damage afterwards.

Just because they can't be expected to win doesn't mean they should be able to wash their hands of the whole affair without trying to help.

[Kalium]

What do you expect the outcome would be in a scenario where a company is living up their responsibilities to deploy reasonable measures, deploy defense in depth, and work to minimize the damage of a breach in the face of a sustained nation-state attack?

More to the point, in what ways are the companies allegedly breached failing to live up to their responsibilities to help minimize the damage of a breach? What should they do in a scenario where investigations may be ongoing and potentially involving law enforcement?