Comprehensive and Detailed Explanation (250–350 words)

===========

According to EC-Council CCISO documentation, the Chief Executive Officer (CEO) bears the ultimate responsibility to shareholders for all material events impacting the organization, including cybersecurity breaches. While the CISO is responsible for designing and overseeing the security program, accountability at the shareholder level rests with executive leadership.

CCISO materials emphasize that cybersecurity is a business risk, not merely a technical issue. As such, the CEO is responsible for enterprise risk acceptance, disclosure decisions, regulatory reporting, and overall corporate governance. In publicly traded companies, cybersecurity incidents may materially affect stock value, investor confidence, and regulatory standing, all of which fall under CEO accountability.

The CTO and CISO provide technical and security leadership, and the CFO manages financial reporting and disclosures, but shareholder accountability remains with the CEO, who represents the organization at the board and investor level.

Therefore, Option D is correct.