[autoexec]

From a cost perspective it'd be easy to be tempted into thinking you can play the odds and come out ahead. It's not like getting infected with ransomware is something that happens all the time.

Fortunately not being negligent when it comes to security does a lot more than just protect you from ransomware extortionists. It can make it possible to easily recover data after all kinds of incidents (human error, software bugs, hardware failures, fires/floods, etc) and also help keep you protected from other types of viruses/malware, malicious employees, corporate espionage, whistleblowers, and anyone else who would take your data and then actually use it instead of just demanding payment to make it go away. It can also prevent the reputational harm a company can suffer by having a data breach go public.

Good security is one of those things that could easily save a company way more than it costs them, but the costs are immediate and non-trivial and companies seem to love to cut corners even when they know it'll screw them down the road because they're pathologically short-sighted and it's hard to brag about doing something that didn't have an immediate and obvious impact on their next quarter's bottom line