And the second major CDN outage in a few months is also affecting 0% of the websites I want to visit.
I'm afraid this will be yet another "this happens to everyone big enough, it's just part of the business" argument, just as with data breaches and ransomware. Until it reaches a scale we're watching right now with the latter, when these idiots' irresponsibility and greed actually leads to catastrophic consequences.
I don't think data breaches and ransomeware are considered cost-of-doing-business. When a major company gets hit, the attackers know what they can extort and in the end it does affect their balance sheet.
However I do think CEOs are guilty of hiring CSOs based on their ability to make the board think happy thoughts, because they have an "it won't happen to me" invincibility complex.
Role of CSO and CISO is quite challenging as in many cases they will be positioned under CFO or CEO, and *their* objectives is profit, and in most cases short-time profit. Only in highly regulated institutions (like banks) CSO can stop a crappy business project from going live for security reasons, and even then you hear arguments like "oh that 2m FSA fine would be only 5% of out turnaround".
This is actually also quite rational from their point of view as reputational damage is usually close to zero, any share price drops are temporary, and media coverage is usually compassionate, portraying them as victims rather than ignorant and risk-taking idiots who put others at risk. Nobody stopped doing business with Experian or Accelion after all. Bankruptcies are rare (e.g. AMCA).