[dllthomas]

Ransomware in particular requires the attacker to be able to make your data inaccessible; in order to do that they need a certain level of control over every system on which that data is replicated, and as you say avoiding a monoculture makes that (substantially?) more difficult.

On the other hand, a leak or breach of user privacy requires exploiting any single system containing the data. Putting the same data on a diversity of systems makes that easier, and you won't even know what's happened if you've made it too difficult to "manage, audit and predict."

Avoiding a monoculture isn't the security magic bullet you pretend it is.