[tyingq]

I understand that sentiment, but IT Security seems to be at a point where it's unmanageable...especially for non-tech companies.

I don't see how a CEO would reasonably assess the state of their IT security. Who would you trust to give an accurate state, remediation plan, etc? There's so many ways to do it wrong and so many different opinions, directions, etc. It feels like even those that throw lots of money at it get mediocre improvements in security but with notable hits to productivity.

In other words, I think there's very few non-tech companies that aren't in the same spot as U-Haul. And probably quite a few highly technical companies also...witness Uber's recent issues.