"Surely the better thing is to talk to IOActive about minimizing the damage that disclosure will cause"
Why? It was a management decision to sell something that was cheap to make and insecure in use. If you've decided to do that your "business continuity" or "disaster recovery" planning should have covered the eventuality that your product would be discovered to be a PoS.
"and coming up with a plan to remedy any shortcomings in the existing product line?"
AFAIK all of Cyblerlock trouble is due to internal management decisions. Their development team should have warned them the system was vulnerable (and I hope they kept the emails where they did so). If they didn't it would seem they were pretty incompetent as well.
It seems a whole generation of "managers" have grown up that don't have the ability to stand by their decisions and whine "Oh the market/Board/creditors/partner/voices-in-my-head made me do those things"
You did it because you wanted a big bonus, a big pay rise and stock options. Everything else is self justifying BS.
You want to be a manager, manage the mess you made.