Very disappointing to hear about this. Security is increasingly becoming a primary driver in the selection of enterprise networking gear, and given that so much of what USED to make CISCO special has now become a commodity, they really don't have room for these sorts of mistakes.
The evil 20 years ago. Manufacturer says to VAR, give me your customer data so we can give up better pricing. So you either comply or can't remain competitive. Then the manufacturer eventually takes the customer data and bypasses the VAR. VAR goes out of business anyway.... Today it is the same thing in a new market. take your applications and put them on the cloud, cloud has all your data. If someone offers the right price and the right "data breach" occurs someone can get all of your company data without you even knowing.