Large tech firms these days with lax security don't seem to ever pay a significant price for the hassles caused to their users when user data breaches occur. Perhaps if the CEOs of these companies were held directly responsible in a more direct way, they'd work harder on their security systems. What should be done with these CEOs?
