I'm not saying "shouldn't". It's more likely "don't bother".
Interacting with the law enforcement takes time executives' time, it might bring in complications (legal liability for personal data leaks, etc.), and even in the best case the company is not going to get their money back.
So, it's a big problem that everyone should know about but do nothing except post shit on news?
No, you should bother. You should bother a lot. Get in contact with the FBI, make a huge deal about it. You think one company can handle a spy agency? That's bad advice.
You are mixing hypothetical scenarios with reality.
My argument was to inform high value targets first, since they are more at risk and capable of developing a fix.
I also argued for slowing down the development of technology that can help infiltrators.
Go back, read the discussion, see how far you are from the simple truth. Someone is making IT companies paranoid, either on purpose or by mistake. Probably, by greed or as a consequence to it.
I strongly recommend going to official authorities if you believe you're being duped by a foreign nation spy or conspirator.
If they ignore you, it's more likely that you're not that important, like I said previously.