There's a trend of paying these ransomware attacks which are sometimes in the order of millions. Imagine if those millions were _proactively_ invested into the computer security of these systems?
Most ransomware is pointless where regular reliable backups are in place. A situation like this where there are privacy and outage concerns is a bit different. We may eventually discover that the operators of the system discussed in TFA really were backing up that system, although probably for less than "a couple of millions". Still, ransomware payments are usually a penalty for not doing backups.
I think preventing breaches is a losing battle. There will always be new vulnerabilities.
You can practice things that make recovery fast and reduce the impact of breaches though. Isolate data, encrypt it, only grant necessary access, have robust backups and test recovery regularly. These things take time and money though, and most companies are unwilling to do them sufficiently.
The difference is it is not the attacked company that is paying the ransom, typically. It's an insurance agency. So the company that was compromised still only pays $X a month, which is probably less than any million-dollar investment.
This is rational behavior. Voters cannot distinguish proactive spending from embezzlement. Politicians need to allow the problem to occur to prove that the money is actually needed.
In the case of covid - it would have happened everywhere else. So they would just have looked incredibly smart.
But with IT stuff, yeah it's tough to justify - but maybe after things like this happen it will be easier. Sometimes you need a Pearl Harbour to get stuff done!
You would likely end up with better security. Would it be good enough to prevent breaches? Doubt it.