It is not capricious to hold C-suite legally accountable for their choices. Lots of corporate scandals would simply not have happened if decisionmakers had skin in the game.
If CISOs can have personal liability for data breaches, CEOs can have personal liability for intentionally creating an illegal platform.
Instead we reward these people with billions for degrading the fabric of society.
> If CISOs can have personal liability for data breaches
Where’s this, now?
In the US it’s a legal battle currently being fought. CISOs have been charged by the SEC and other agencies, with varied success. Some cases have been deemed over-reach, some have not. And other were a case of a CISO doing ostensibly illegal things in their capacity (in some cases paying ransom demands have been interpreted as such, especially when disguised as other things).
We need either a “corporate death penalty” of sorts, more personal liability for c-suite execs, or some combo of the two. Too many people fail upwards to trust the system to sort out the “bad ones.”