Re: "Travelex had public-facing Windows remote-desktop servers with no NLA enabled"
Great point, but your final idea of dumping the CEO - not likely.
You are looking at it wrong.
IT are viewed as overhead - weird expensive nerdy people that non-technologists neither understand nor respect and sometimes hate.
Therefore, in their minds, not having real IT or outsourcing it to some extremely cheap country (which amounts to the same) will save them massive amounts of money, but with a risk of something like this happening.
As long as the cost of the outage is less than the money saved, they're still making money with the added bonus of not having to deal with those weird expensive nerdy people.
So, unless this outage is super expensive in the final analysis, the CEO stays and in fact, proves the theory - the CEO can say "See, it cost less to take an outage than to prevent one with expensive nerdy IT".