This has nothing to do with the reality of computer security. Not getting hacked requires doing everything right and some luck. Hacking requires some luck or doing one thing right.
The problem is to hack something you need to know the what, where, who.
Companies have a very visible what, where, who in most cases.
Hacker don't, and take extra steps to obscure it (e.g. jump hosts, bot nets etc.).
Now if it's idk. a spear phishing campaign or similar "hacking back" by giving them trapped data or reverse social engineering attacks might work.
But if it's a technical security vulnerability some one found by scanning and sneaked into using multi-country jump hosts and cleaned up behind them. Then you have little chances to find them and to do so likely requires getting information from telcoms which require judge orders to be handed over, and from multiple countries, too.
Sure though I would view that as a separate problem with the idea of asking anyone to target attackers.. Everyone is an equally good psychic some believe they are better than others.
Extending your logic, highly debatable as it is, a firm should first of all be hacking itself constantly via red teaming. This will help it discover and perhaps fix issues that external hackers can otherwise exploit. This self-offense is a means of defense.
Every company that meets modern regulations runs scanners that identify some attacks against themselves. The scanners sold to them stop there because it is liability to do anything beyond that. You don't have to be a genius to use Telegram instead of Teams you'll simply be fired for taking risks with better tools for the job than organizations and governments want to be acceptable and routine if you are in a Western regulated industry.
Announce a change that is believable and all the corporate software will change to match the utility that is no longer a liability.
it's also why Germany started WW1 and what made it easy to put all the blame on them (after WW1, WW2 is a different thing)
and also is related to common war crimes iff in a conflict combatants frequently hide as civilians (as a defense by offense will sooner or later lead to attacking random civilians due to mistaking them for hidden combatants)
