Nah. I'm just cognizant that cutting the pipe can put businesses out of existence is all. I don't think it helps anybody to put a business out of business. Cutting the pipe should be, IMO, the last resort to the business not getting its ducks in a row.
Obviously, the owner of compromised systems is responsible for those systems. Period, full stop. In my line of work, I'm often the hapless slouch who has to find the root kits and whatnot, cleanse the system, determine (if possible) the vector of entry, etc. Usually, the system was owned by some undetermined means and all I can do is just cleanse and lock down as much as possible. Clients, however, being the meat sacks they are, always manage to encounter PEBKAC events.
I don't think we're actually all that far apart in our line of thinking, Marc. I just am reluctant to pull the pin on their network connection until such time as the company has proven itself either unable or unwilling to address its issues. This approach is fair, I think, when dealing with individual residential and corporate connections. When you threaten upstream disconnection at the ISP level to downstream ISPs, then the collateral damage is too great for such shenanigans. Putting hundreds of companies out of business simply because they chose an ISP who allows botnet traffic to pass its borders would penalize those who are not a part of the problem. That, IMO, is unethical.