If only the CEO had paid enough attention to the realities of situation rather than so quickly accepting a convenient delusion.
Maybe not today, maybe not this week, but soon, this CEO will pay for this mistake many times over. And worse, as long as he maintains his distance from the reality of the issue, this CEO will never understand the associated costs are completely his fault. Protecting his company in a meaningful way, and avoiding perhaps millions in unnecessary expenses, was his responsibility and was completely within his power to accomplish. He simply didn’t take the time to understand one simple fact about his company: compliance, like security, is not a constant.
No organization is completely compliant, just as total security is not possible. Why, you ask? It is really very simple.