Comment by mrweasel

Hard to say. I'm sure that in some 100 page report somewhere under the list of concerns is the risk of information leaks and potential damage. Then someone decided that the company just spend $50M on "cyber" and in their summation change the text to "potential risk of data lose is offset by investments in cyber security", then they push the new 40 page up the stack. The security risk is now perceived as low, so it's removed from the executive summary and a 3 page memo on the revenue and share price benefits is created.

I don't think was ever ill intent, but when it inevitably goes wrong, then yes, everyone will be thrown under the bus if it protects the stock price.