Re: How is this helpful?
CEOs and directors should be held accountable where negligence can be proven, ie they were aware of security weaknesses but didn’t instigate work to fix the issue. Sysadmins should get sacked for misconduct / gross misconduct if they didn’t follow due process, implement the standards that have been defined by the organisation when requested to do so.