Your inherently vague "involves" in your para. 1, which
apparently contains the entirety of your contemplated major premise
for some sort of argument you propose to make, makes your entire
posting confusing.
           While the state and federal class action LifeLock lawsuits
to which you refer incidentally and so at least in part did "involve"
the "failure" as you so far express it, it was not primarily such a
failure that provided the grounds for those lawsuits and for their
later partial settlements.
           Using only the word "failure" suggests no more than an
omission to do some act.  But saying as you do in your posting only
that there has been the sort of failure you summarize - here, as you
so far describe it, to protect computer stored information - does not
communicate anything of interest about whether whatever is the failure
you have in mind is actionable without more or was or was not
accompanied or at least otherwise characterized by some other
misconduct made actionable by a state or federal statute or by reason
of common law principles in wherever is the jurisdiction in question.
           In what you say is the case "closest" to whatever you
contemplate, it was less the sort of failure to act you so far
summarize than, more importantly, defendants' affirmatively made
deceptive statements to market their services, including statements
they made deceptive by omitting significant facts so as materially
inaccurately to describe their services, that provided the alleged
basis for liability
           In other words and depending on and actual description by
you of whatever is the scenario you have in mind, while it is at least
possible that what you say is "the problem" is at least partly that
for you, nothing you say in your posting indicates that a mere
"failure" would provide a basis for liability of a business entity or
of an individual associated with a business entity in a policy and
decision making role whether or not that entity is a corporation whose
shares of stock are publicly traded.  
           And while you also do not post any facts that would inform
whether this is more than an incidental consideration, in the LifeLock
cases themselves it was not defendant corporation's status or not as a
publicly traded company that was particularly important compared with
the fact, for the purposes of the FTC's litigation, that LifeLock was
engaged in interstate commerce and, for the state lawsuits, that that
commerce was being conducted in the states in question.
           In any case, the probable liability or not of an individual
affiliated with and acting for a corporation or comparable business
entity always depends on the specifics of the allegations sued upon.
Not least of these in the LifeLock lawsuits was whether, by their
terms, the statutes under color of which the federal and private state
plaintiffs sued applied to the individually sued defendants - still
other information you do not provide in your posting in relation who
whoever would be the individual defendants you have in mind.