sack the board,...
Or make any security breaches an instant loss of bonus.
May be share holders should be demanding companies report all breaches at their AGMs.
You can't blame managers for recruiting IT illiterate when they themselves are IT illiterate and were appointed by senior managers that work for the business and are also IT illiterate.
Hopefully the company in the UK will be fined massively, go out of business and the board will be named and shamed, personally fined and never work again.
Unfortunately there will be a knee jerk reaction by the IT illiterate boards who will spray money at consultants to fix the problem, but will fix nothing fundamental and just cause lots work for the poor real techies who know how to fix this stuff but are not giver the funding or tools.