Laws and regulations have not kept pace with growth of Internet technologies. No clear expectations have been communicated to the software industry or users of these services by policy makers. Executives have responsibility for protecting customer data but enforcement remains selective. In the most egregious incidents, top C-level execs have been terminated for poor cybersecurity (e.g., Target).
CNBC: Execs We’re Not Responsible for Cybersecurity, “…executives like CEOs and CIOs, and even board members — didn’t feel personally responsible for cybersecurity or protecting the customer data…” (Twitter: @ArigatoDamato)