I think it's unfair. A single person doesn't bear the whole responsibility of a breach like Equifax's. The breach is just the final symptom of deeper problems with company leadership & policy allowed to fester by ineffective public oversight and bad incentives. The witch hunt will change nothing and absent policy, it will probably happen again because the specific people were never the problem.
A single person is not "the leadership". Blaming just corporate leadership is also unproductive; if incentives and lack of oversight encourage this outcome, punishing and replacing the leadership is just playing musical chairs. Saying "the buck stops with them" is pretty useless unless your goal is simply to declare a target for emotional rage.
Isn't the (nominal) reason the people at the top get paid so much is because they're supposed to take responsibility? If not them, then who? They're supposed to set the incentives and culture so that the people below them in the org chart do the right thing. It's their job to know that their suppliers aren't using sweatshop labor to produce their goods. It's their job to make sure managers don't lean on the rank and file so much as to incentivize fraudulent behavior (but the managers would never outright say to do these things, oh no). "Don't ask, don't tell" isn't an excuse. And if the greater environment is such that "everybody does it", well maybe we need better regulations and/or policies, but that still does not absolve them individually.
The people at the top might not be at fault, but they sure as hell are responsible.
Hold the company responsible and let its stakeholders and internal processes figure out how to course correct. Maybe the CEO or CTO or whatever screwed up and need to go, or maybe it was a rare accident that is only human; given the right incentives & punishments, companies will work to identify and fix whatever is causing it to be punished as part of its profit maximization goals. All orgs of that kind of size operate as complex systems, inviting uninformed mob pitchforks into the process is counterproductive.
No, I don't think people at the top get paid to be a voodoo doll of responsibility. They get paid a lot because good executives are hard to find and can produce huge benefits, so the market values them very highly. It can feel good to throw around moral judgement like "that still does not absolve them individually" but if a set of incentives/environments consistently produce bad outcomes, the people involved are not responsible. It would be unproductive to punish the people involved when their replacement would do the same (especially considering that punishment is notoriously less effective at deterring human behavior). I personally think it is also morally wrong to do so, similar to punishing a thief for stealing food in a system that consistently deprives him of the ability to acquire food legitimately.
Well gee, in this framework it seems like there is no way for anyone to ever be negligent or liable for anything they do, no matter how ill-considered.
The very few leaders are paid enormously in money and status for all the value they are supposedly adding, if they screw these things up why should the hit they take not also be expensive?
