Businesses need permission to retaliate against hackers

As I opened yet another email last week warning me that my credit card information may have been compromised since recently shopping at some big-name retailer, I have come to the conclusion that it's virtually impossible for any business to guard against Internet intruders.

Sure, they can put up perimeter security in the form of firewalls and data encryption, require multiple layers of user authentication, and inoculate their operating systems against viruses and malware.

But sooner or later, they will get hacked.

When a bank is robbed, police and security guards can chase after the perpetrators and, if necessary, gun them down. And in situations where the robbers do get away, banks can place booby-traps in the money bags that taint the cash and make it unusable.

By contrast, there is very little a business can do offensively to protect its data after it has been stolen. Even if a retailer is compliant with the most up-to-date PCI Data Security Standards, those standards only address perimeter security and do nothing to render the data useless after it is outside of the data owner's control. For example, businesses cannot embed a code that causes the data to self-destruct or that infiltrates the hacker's system to disable it.

“I have heard of programs that monitor network traffic for anything peculiar, watch data being extracted and follow where it goes, almost like locating the bad guys' hideout,” said Eric Cernak, vice president for strategic products with Hartford Steam Boiler Inspection & Insurance Co., which recently held a “Hacker Lab” event in New York that demonstrated how cyber criminals select their targets, how they enter the systems and what they do post-infiltration.

But businesses cannot legally launch counter attacks against hackers, he said.

“That would be like breaking into the house of the thief who stole my TV to steal it back,” Mr. Cernak said.

In fact, such retaliatory actions could potentially be considered a declaration of war, if the hackers turn out to be state-sponsored terrorists, he said.

But if the U.S. Supreme Court held in Burwell vs. Hobby Lobby that a closely held corporation has the same right to religious freedom as a person, shouldn't a business whose information technology system has been hacked have the same right to defend itself as a person?

In certain states such as Arizona, citizens have the same power as police to investigate a crime and detain suspects. In other states, such as Colorado, if a thief crosses the threshold of your home and threatens you, you have the right to shoot him or her.

There should be similar “Make My Day” laws to address cyber crime.

In football, I've heard it said that the best offense is a good defense. I'm not so sure that philosophy succeeds when battling cyber crime.