[...] the legal framework itself would make some companies less likely to rely on <white hat hackers> to enhance their cybersecurity, since some companies may prefer to run cybersecurity risks rather than giving others legal opportunities to reveal their illegal and/or strongly unethical activities.