• I feel a bit uncomfortable regarding who the ax falls upon:  it seems to me that if a business or corporation does not sufficiently invest in security that the buck stops at the desk of the CEO or the board of directors.  I prefer the latter since they really hold the purse strings and represent the investors.  If it is your own business, you rolled the dice and it came up snake eyes so take your medicine.

    But the crazy thing about all this is that most security issues have to do with insider activity, installing software with the default configuration values intact or failure to keep software up to date, three items that don't need a great deal of investment to address (well, software upgrades can be a pain and the down time might cost you some money but not always).