> one particular company whose systems have not been verifiably breached

The unknown unknown. How can you be sure all the "resisted actual attempts" been even detected?

You've changed the requirement. To prove a company hasn't been breached, you'd also have to prove that there hasn't been a breach that hasn't been detected (so breached, but not verified). Any given target might already be quietly owned by some state actor or corrupt insider with allies on the outside.

Several places probably would have met those goals...

... right up until the SolarWinds hack became public.

The point being, provable "we've never been breached" seems to have a way of turning out to be wrong. :/

Challenge accepted?

Just because known attempts have failed doesn’t mean the unknown ones have too.

most attacker groups would be unlikely to share that result