[OutOfHere]

Extending your logic, highly debatable as it is, a firm should first of all be hacking itself constantly via red teaming. This will help it discover and perhaps fix issues that external hackers can otherwise exploit. This self-offense is a means of defense.

[follie]

Every company that meets modern regulations runs scanners that identify some attacks against themselves. The scanners sold to them stop there because it is liability to do anything beyond that. You don't have to be a genius to use Telegram instead of Teams you'll simply be fired for taking risks with better tools for the job than organizations and governments want to be acceptable and routine if you are in a Western regulated industry.

Announce a change that is believable and all the corporate software will change to match the utility that is no longer a liability.