…or mismanagement if you will:
The first quote relates to management’s responsibility and using wisely their power of choice when it comes to doing poorly on a security assessment, failing an audit, experiencing a security breach, and falling out of compliance:
“Failure to hit the bullseye is never the fault of the target.” – Gilbert Arland
The second one relates to management not supporting information initiatives year after year and then, once a breach occurs, suddenly finding it in them to make things happen:
“When they feel the heat they’ll see the light.” – Herman Cain
Just a couple of thoughts to add to your arsenal…