[ozim]

OK I agree basic security hygiene removes ransomware as a threat.

Now take limited time/budget and off you go making sure basic security hygiene is applied in a company with 500 employees or 100 employees.

If you can do that let’s see how it goes with 1000 employees.

[devin]

I'm not really sure what point you're making. Is the point that it is harder to to secure more things? Is it that security events happen more frequently the higher your number of employees goes?

If so, I bristle at this way that many developers (not necessarily you, but generally) view security: "It's red or it's green."

Attack surface going up as the number of employees rises is expected, and the goal is to manage the risk in the portfolio, not to ensure perfect compliance, because you won't, ever.

[ozim]

Point is: basic things at scale are hard.

[jacquesm]

And just as dangerous: 50 employees. Because quite frequently these 50 employee companies have responsibilities that they can not begin to assume on the budgets that they have. Some business can really only be operated responsibly above a certain scale.

[bigfatkitten]

Depends on the organisation.

A law firm with 50 employees who use nothing but Microsoft Word, Outlook and a SaaS practice management application is really easy to button up tight, though they probably don’t have any inhouse IT and the quality of MSPs varies wildly.

A company of 50 software developers is an enormous headache.