Hacker News
by nonrandomstring 705 days ago
> 100%

Not sure about that. Groups of professionals don't appear better at navigating this space than individuals. I'm sure you've sat in such agonising meetings too. Common experience: They're hellholes of group-think, risk aversion, inertia, legacy constraints, resistance to change, pressure to reach fast decisions, duress or undue influence from salesmen and 'partners'.

Have you ever seen a company of any size actually sit down, open-mindedly weigh up a real and serious evidence-based long-term security plan built around risk analysis, a full network and service overview, with all real software options on the table and all stakeholders present? Companies made up of well-educated people with impressive job titles are as vulnerable to pitfalls and shortcuts as anyone else. They just operate, and fall victim to scams, on an organisational scale. CrowdStrike and other protection rackets are a way to make a problem go away, not to face its complexity head on.