We don't put this financial burden-of-self-defense on any other industry though. Why is cybersecurity different than physical retailers?
Walgreens isn't responsible for providing their own police force. Sure, they put locks on the doors, but the burden of protecting businesses is on the police, which they (and we) pay for via taxes.
You could say "Oh, a business which can't defend itself against looting doesn't deserve to be in business", and maybe you end up with like 5 mega-Walmarts who can afford heavily armed guards, but this isn't actually a better society in the end than one with robust small businesses.
It's the same with cybersecurity -- you can take everyone except Google, Amazon, and Facebook off the internet, because only those three can hire top-of-the-line security professionals, but that's not actually a better internet than the one we have now.
In San Francisco, Walgreens is responsible for providing their own security force, so they decided to stop operating there.
Companies that can't secure their operations can hire others, like Shopify, Paypal, etc to conduct online operations for them. We've all heard the many stories of professionals making security recommendations and being overruled. If you don't want to invest in security, then don't have valuable data in computers connected to the Internet. Experian exposed our data and faced basically zero consequences, so I don't have any sympathy.
San Francisco neighborhoods did not want mall-like corporate chains at all, a few decades ago. The companies paid for the privelege and prevailed over time. Meanwhile economics changed and left a lot of people out of the benefits, wages for working people stayed even, and the pain-killer drugs and organized crime grew strong. Toxic cocktail to be sure, but SF has always been a cocktail town, from the early days. In some ways The City has reaped what it sowed, socially.
Cybersecurity drastically varies depending on the actions of a business in a way which physical security doesn't, short of the business failing to lock its doors at night. And if the business does fail to lock its doors, the business is directly hurt, giving businesses incentives to treat security properly, while security breaches often hurt the customers, but not the company.
Also, you don't generally see the police demanding that retailers have windows that are easy to break because the police might want to rob them themselves someday, but the equivalent is routine with the government and cybersecurity.
Walgreens - great example! That's a pharmacy. Pharmacies have to follow strict safety regulations and are constantly worried about both those and the threat of lawsuits for endangering customers. And there are also both internal and external threats to the business (drugs are a valuable, easily portable asset).
Oversimplifying a lot, Walgreens has these well-paid, trained workers they call "pharmacists" to deal with it.
You are trying to whatabout this, ignoring the actual point. Let's not do that.
The Pharmacists make only effort to prevent someone from breaking into the Pharmacy with a crowbar and stealing all the drugs + prescriptions. In fact, I would be shocked if Walgreens even _allowed_ staff to physically detain shoplifters -- that's a huge legal liability.
You pretty much have no clue what your talking about when it comes with the duty of the police. The police have no charge to protect you or your business, at all, whatsoever. This has been decided in the high courts in the US. Pretty much everything you stated is completely incorrect.
Walgreens isn't responsible for providing their own police force. Sure, they put locks on the doors, but the burden of protecting businesses is on the police, which they (and we) pay for via taxes.
You could say "Oh, a business which can't defend itself against looting doesn't deserve to be in business", and maybe you end up with like 5 mega-Walmarts who can afford heavily armed guards, but this isn't actually a better society in the end than one with robust small businesses.
It's the same with cybersecurity -- you can take everyone except Google, Amazon, and Facebook off the internet, because only those three can hire top-of-the-line security professionals, but that's not actually a better internet than the one we have now.