If I was the CISO for a publicly traded company, I would definitely feel like it was necessary to implement some protections to the company. I would purchase and have security protections installed such as access control software or a fire-suppression system. Media protection is something else that I would focus on since it addresses the defense of the system media. Media protections can restrict access but they can also make them available to who is authorized to view them. Boundary protections are important to a company so that an organization can monitor and control communications at external boundaries as well as internal boundarires within the system. The cost of making your organizaton as secure comes at a cost, but it would cost a lot more money to fix a future problem then to take measures at the beginning to ensure that the company stays as secure as possible.