First of all, it was to acknowledge the threat that was knocking on their door without them knowing about it. In a few instances, CSIS went along and just informed them and counselled them on the best course of action to take to protect their network, but that was it.
Compare that to the U.S. response. We saw recently that the FBI was not even asking companies. They got an authorization from the justice department and entered those vulnerable servers and corrected the vulnerability that was found there.
The big difference here is that here they were just notified and then left on their own to fix it, and if not, to protect their infrastructure without even knowing what was to be protected. I'm pretty sure a few got hit hard, and what “hard” means is that the research they had done was just siphoned out of there and back to China, to their advantage and not ours.