It seems to me that when it comes to cybersecurity, having a basic universal agreement on what is best practice is crucial in practically any work environment that I can think of. Though staying flexible, and being able to respond creatively to issues as they happen is important as well, there needs to be a solid guideline, a checklist of items that everyone in the industry has agreed need to be followed under most circumstances. The framework that NIST has developed (and continues to constantly update and keep relevant) is a particularly good example of a solid framework that organizations can depend on as it was developed to defend critical American infrastructure. This inherently means that the utmost diligence was taken to make the framework thorough and usable, as the American government has every reason to want its critical infrastructure to be defended. For private companies, this framework seems to be the golden standard. If I ever work for the private sector in an already established company, I would certainly be willing to use this framework, as in that circumstance it really cannot be beat.