There are still courses of action, but inevitably they are very limited.
Perhaps the best thing to do, as has been demonstrated more recently by the actions of Anonymous, is to do very little, or nothing at all.
Once the heady spotlight of publicity was shone on Anonymous, it itself began to implode. Splinters within the group appeared and details of the members were posted online. One of the group's leaders subsequently quit. This is, granted, an extreme end result, but then Anonymous is arguably a high profile and extreme case.
The lesson Sony has ultimately learned though is if you have a security problem, then it pays to be transparent about the issue itself. It had a golden chance here to prove to the world it was on top of its security by quickly and swiftly prioritising a problem, whilst alerting people as fast as possible. Sony may have been priorisiting behind the scenes, but its customer base didn't know that.
Anonymous is arguably a high profile and extreme case
Conversely, it pays not to shout and scream, no matter how much of an example you want to set, when you're taking action against a party.
The rules are clearly weighted very unevenly here, as what plays out in a court of law looks very different in the court of public opinion. The frightening thing for organisations of certain sizes is that, if a hacker really does want to find a way in, chances are they'll find a way in. And it's questionable just how much can be done about it...
