by tuwtuwtuwtuw 1864 days ago
I tried to imagine, but my mind told me that a couple of millions would not prevent these issues. Did I imagine it wrong?

You would likely end up with better security. Would it be good enough to prevent breaches? Doubt it.

2 comments

Most ransomware is pointless where regular reliable backups are in place. A situation like this where there are privacy and outage concerns is a bit different. We may eventually discover that the operators of the system discussed in TFA really were backing up that system, although probably for less than "a couple of millions". Still, ransomware payments are usually a penalty for not doing backups.

I think preventing breaches is a losing battle. There will always be new vulnerabilities.

You can practice things that make recovery fast and reduce the impact of breaches though. Isolate data, encrypt it, only grant necessary access, have robust backups and test recovery regularly. These things take time and money though, and most companies are unwilling to do them sufficiently.