Re: We wont pay for data slurping pesterware
You should have let the business get pwned. There is no reason at all a business shouldn't pay for security. System security is one of the costs of doing business.
They could probably save vast sums by doing away with premises and networks in the first place and just getting all the staff to meet up at starbucks and use public wi-fi, but they won't.
By not paying at least the cost value for that required business resource (AV) they risk that resource only being available at a much higher price by the time they realise it really is necessary.
We cannot allow unspecified data about our computing systems to leave our business.
In which case you probably should be relying on more than just Free AV software on each user machine!