You don't understand my point, though. Here it is: blame for these breaches is useless and misapplied. I'm not saying "blame the attacker" - I mean, ransomware is nothing more than opportunistic capitalism. It's like this: all organizations great and small must deal with data security. The data security required is a miasma of shifting standards, proprietary protocols, jargon-laden ingroup folklore and self-righteous dudgeon about the power of the MCSE which serves only the acolyte class. Your argument, if I read it correctly, is that the acolyte class should be ever-ready to defend the faith: I'm not necessarily saying that data breach insurance is a bad thing, just that it also has bad things that come with the good. In effect, you're arguing that if you don't want the Spanish Inquisition to destroy your town, you'd best either become a Cardinal or pay for the care and feeding of one. You're basically saying that only by being vigilant and ever ready to do battle can one defeat the hun. But I don't want to defeat the hun. I just wanna run my little blacksmith shop. It is the most logical instinct in the world to fob off the shit you don't understand on someone who does, and to pay them for the privilege. That's what "insurance" is - outsourced risk management, whether it's a plumber or Zurich Re. And Sony store passwords in plaintext. And we're discussing a leak of 9.3m patient records. And I have three overlapping credit protection services because Target, Home Depot and Bank of America failed to protect their data. So what the fuck am I supposed to do when frickin' Target can't get their shit together? How is my stress supposed to make anything better when apparently Primera can't keep their data off the Internet? This started as me saying there are very legitimate reasons to fear ransomware. It's become a rant against the entire IT industry. I'm not walking any of it back because I'm sick of this: When those of us out in the world ask "what are we supposed to do?" the IT answer is invariably A) Pay us extortive prices so that we can condescend to you B) Devote your life to our credo so that we can condescend to you for not being 1337 enough And that's why you can sit there and snigger in superiority while watching The IT Crowd while the rest of us laugh and point. Because in my organization, I'm you and I'm no fucking good at it and when I want to solve that problem, your entire industry conspires to make me feel bad about it.Yet when I worked without it, I felt that stress and I felt the urgency for patching and fixing things. I can definitely say that the systems I was working on were more secure as a result of everyone being unified in the security goals across the company.