Any company can get compromised despite there being huge security teams working in them. Two important factors are Digital forensic investigation (DFI) and incidence response. It is important how fast an Organisation recovers from and attack. Also, it is important to have a cyber security auditor who will sign the balance sheet along with the financial auditor to certify that the level of security is a reasonably acceptable practices to convince a shareholder. Digitalization and globalisation cannot be avoided. So, you need to have a separate framework, that will have reasonable and contemporary security practices.