
> I NEVER received a thank you from any of these people.

Is it possible that they (perhaps mistakenly) believe that communicating with you could open them up to civil liability?



Or that your email is the actual attack they need to worry about.


> I'm a security researcher and I discovered that your server has been compromised. Click this legitimate link to learn more.


more like "click this legitimate link TO YOUR OWN SERVERS to learn more". Big difference :)


To you. They don't see it.


"Thanks for the info, I'll check this out :)"

There, nothing was admitted.


At least four things were admitted: that you received the information, somebody processed it, the approximate time you received/processed, and the intention to take action.

I would hope any well-intentioned and reputable company would not mind, but some might not want to admit any of that! Plenty of ammo for anyone who subsequently blames you if you then fail to remedy the situation in a timely fashion.


A reputable company that deserves its reputation is probably not hosting phishers' pages on their site. Sure, shit happens, but anything above a micro company that's hosting pages should catch that. The shared hosting company I used caught a breach on my personal page once, another time Google notified me: it's not rocket surgery to catch these things, is it.

If the company is too small to monitor their own pages then I'd expect them not to be worried about this sort of liability (ie knowing of a breach, they're too small to be sued for much, presumably: if they were bigger they'd know about it already).


You just can’t tell, when your job is hosting user content, e.g. managed website hosting (cpanel) or static pages (Azure static website hosting). I mention these two companies because I received 2 phishing attempts this week, both pretending to be from Microsoft, with the payload hosted on cpanel and Azure respectively.

Both have an abuse / phishing declaration form online. I signaled both pages, and they are still up for the moment.


> Is it possible that they (perhaps mistakenly) believe that communicating with you could open them up to civil liability?

I'm curious, for vulnerability-by-inaction like this, would there be a legal difference if sent emails were posted to a public blockchain?

The intent being, if you're later sued for harm caused by your compromised hardware / IoT devices, you cannot claim ignorance as easily.

End goal, of course, being that people care more about patching their devices.


I doubt a court would make a distinction. The claimant (plaintiff) would have to prove the defendant knew about the emails being sent to the public blockchain and decided not to do anything about it.

That's not necessarily easy to prove, in the same way the defendant could claim emails were trapped in spam filters, etc. or more realistically, the burden of proof is on the claimant so the defendant wouldn't say anything if they're smart.


Ignorantia juris non excusat.


This is not about ignorance of the law, so this doesn't apply here.



