You could just jail the CEO or who was responsible for the security at that agency / company.