If I can pick up on what Mr. de Boer was saying in terms of incentives for those small and medium organizations, if we enable the larger organizations to share openly, truthfully and fully with the small and medium organizations about what they're seeing and doing, and support them so that they don't get hit with the same attack, the prevention is better than the cure. That will help.
Another approach we could take is to incentivize businesses that are not necessarily the ones covered by this legislation—that's a separate piece—but the supply chain. We can incentivize the supply chain to reach a level of cyber-maturity through tax incentives or through insurance breaks, if they have certifications.