by valas 3189 days ago
It's quite possible the security firm was asked to audit their systems, but not asked (or paid) to fix them.

A lot of people want you to come in and find a quick answer and fix, rarely allowing a full proper investigation. Many times they're averse to spending money and want to cut corners where they can. It's actually disheartening. Much like one of the posters above, I've seen people purposely stop investigations because if the investigation reported on known issues it would open up more questions about other wrongdoings.

The irony is their actions on remediation are almost exactly in line with the decisions made that often times lead to the incident. It's cyclical.

So you can't do this with an accounting audit, so laws should be updated to make security audits the same!
I suppose the difference is that in accounting, any irregularities or shenanigans are quantifiable in dollars. Security breaches maybe sometimes are, but often are not. I'm guessing there's nobody able to prove that his or her identity was stolen as a result of this breach, to say nothing of being able to specify a dollar amount of loss that can be backed up.

With often vague or only theoretical damages, it's harder to muster support for draconian consequences.

Also people can sort of understand accounting. Dollars and cents and balances are something most people can comprehend. Computer software and security breaches, on the other hand, are much more of a black box for most people. They can't intuitively understand what's sensible and reasonable and what would constitute negligence when it comes to protecting software systems and data, other than by relying on what other people tell them.