I suppose the difference is that in accounting, any irregularities or shennanigans are quantifiable in dollars. Security breaches maybe sometimes are, but often are not. I'm guessing there nobody able to prove that his or her identity was stolen as a result of this breach, to say nothing of being able to specify a dollar amount of loss that can be backed up.
With often vague or only theoretical damages, it's harder to muster support for draconian consequences.
Also people can sort of understand accounting. Dollars and cents and balances are something most people can comprehend. Computer software and security breaches, on the other hand, are much more of a black box for most people. They can't intuitively understand what's sensisible and reasonable and what would constitute negligence when it comes to protecting software sytems and data, other than by relying on what other people tell them.
