@barrybazen – This is a good question. The short answer to it is no. I will explain further.
The SLA between the end user and the supplier is agreed upon prior to the execution of the contract. It would state what action(s) and or safeguards are available to each party if a breach was detected post installation. (Note: often a network might be infected prior to the execution of the contract, so there are many variables here…)
There is cybersecurity insurance, but it normally uses post the breach for remediation, forensic, customer notification and alike services.
Cybersecurity is different to each entity, many organizations have compliances, (HIPAA, NIST, PCI) some are state-regulated, (GDPR, NYSDFS). Some private companies like Target, Home Depot, and Sony, for example, will not do business with a third party unless they can prove cyber awareness. Therefore security is required.
What I have experienced in the past is that having a Managed Service installed correctly can identify, defend and if necessary, remediate many types of infiltration. (No security service I am aware of is full proof.)