I think there are many levels to this. There is a level at which individuals need to take personal responsibility, making sure they're using things like two-factor authentication to protect their own systems, and obviously, that also applies at the level of organizations.
From a governmental perspective, it is really, as has already been discussed, a question of co-operating, both between the private sector and public authorities. This also includes across borders, recognizing that these kinds of threats are not easily contained within domestic borders, because of the transnational nature of companies and groups.
As Dr. Huebert mentioned, there is this effort with disinformation to inspire others to take action, rather than taking action directly, so that's one of the ways you can see this crossover from the cyberworld into the physical world.
Certainly, it is very important to ensure that the types of software that run big systems like refineries are up to date and protected from the Internet.