So true. Can't wait for NIS2 to be implemented in my location (EU); the new directive allows authorities to hold board members and CEOs personally responsible for cybersec fails (although only as a last resort, after trying other means).