The Christian Science Monitor reported on this survey and observed,
“More than four in 10 of the directors in the survey felt that a company’s chief executive officer should take the rap for a data breach. When asked to prioritize who should be held accountable for such incidents, corporate boards ranked the chief executive officer first, followed by the chief information officer, and then the entire executive team.”
To me, the entire premise of this discussion needs to shift from blame to preparedness, governance and mostly to teamwork. We live in a world of continuous compromise. Threat actors, many funded by nation states, are highly sophisticated, well-funded and patient. If they target you, they will at some point compromise your network. While prevention serves as a meaningful and necessary deterrent, no preventive solutions are 100% effective. Admitting these realities is the first step to moving on.