Governments of Canada and Hong Kong do tests against public IP space with the same country code. Results are not what one would expect - just a bunch of noise is send to CISOs, mostly about uh-oh your NTP server is wide open (it is not in fact). Usefulness of those test is very questionable.
It's equally possible for a company's security team to do a shit job, that doesn't mean companies should not think about security. If those governments are doing a shit job it's an argument against doing it badly, not against doing it.
