CIOs must not be security scapegoats