The “prevailing norm” in corporate America is “governance is lacking, resources are misaligned, and enterprises fly blind to their most critical cybersecurity risks, putting the company and shareholders on uncertain ground,” said Scott Kannry, CEO of the cyber-risk engineering firm Axio.