> Is it lawyers misunderstanding the value of security research?

I would've thought it would be more likely some middle manager who doesn't understand tech and just knows this person was ""abusing"" their system.