So what are you, as the CEO, doing to make sure your organization is safe from any possible breaches from laptops? I'd love to know. The possible financial and legal headaches from such a breach are too severe to ignore this issue. I'm thinking a simple directive to the CIO should suffice. There can't be that many laptops that they would be impossible to track or to protect. And given the importance of this issue, shouldn't the CIO represent to you in some way that the laptops are protected?
If you aren't requiring your CIO to certify to you in some way that all laptops your organization owns are encrypted, well, you deserve your fate, which in the case of a stolen laptop, would be severe.