Follow
Not cost of doing business (which implies something repeatable), the CEO consider data breaches to be more of acceptable risk, very much like preventable workplace accidents. I've literally heard that "happens to everybody" excuse and it left with my jaw open.
Part of that reasoning in case of data breaches is of course "won't happen to us" but also that it's usually not *their* data that is being breached - it's their customers' data they accumulated that gets leaked.