CISSP All Domains Practice test 11

After a security audit and penetration testing, we were notified about some security issues on all our switches. We chose not to implement the recommended mitigations this year because it was deemed too expensive. If our switches are compromised who is responsible?