user-inactivated  ·  3068 days ago  ·  post: 9.3M Patient Records Hacked

Unless your blacksmith shop deals in 9.3 million SSNs, none of what I'm talking about nor what I've argued about applies to your business. If your blacksmith shop deals with 9.3 million SSNs, then you should hire tech staff.

I'm talking about major corporations who give no shits. I'm talking about Dell, who have repeatedly shown they don't care (internally). I'm talking about Sony, Target, and I'm talking about Home Depot, and I'm talking about all of these breaches that are occurring. These organizations need to be held accountable.

You are not a target to hackers, so I don't care what happens to your data. Going back to my rollercoaster/theme park example, your organization is a 10ft waterslide. Unless you built it out of jello I can't imagine a scenario that it matters.

This whole article is about healthcare, not blacksmithing, and I focused on the article's field, not yours. I stated that the healthcare industry, i.e. Health Insurance Providers who are large organizations, likely have no need to worry about ransomware on their servers because they are large organizations who would be doing many forms of backups anyway.

Small businesses absolutely have to worry about ransomware, and I'm not preparing you for the inquisition. If you have to abide by HIPAA because you indirectly provide health insurance to your employees, you are not going to be affected by ransomware either because you are going to be paying another organization to provide the health insurance. They have copies of that data as well. That being said, I don't think the large portions of HIPAA would require much out of you because it's more about the health insurance providers and the health care providers; they are the ones that have the sensitive information like what illnesses people have.

IF the law states otherwise, that you have to lock down systems like crazy, I think that's as stupid as you do.

What I'm against isn't people who get roped in because they have to, like you. I am against people who intentionally choose IT as their career path, get a degree in IT, get certifications, etc, and then land in a position in a large corporation or government where they get paid some ridiculous salary and then coast to retirement.

Everything in your statement made me think that you were in large scale data security operations. When you said blacksmith the first time, I had no idea that was meant literally.

My point is working for an organization where you are handling 9.3 million SSNs and falling back on "insurance" and saying "screw technology, we'll just insulate each other legally" is fucking over the consumer harder than anything else. That's why I said I agree with and would recommend data breach insurance, too, just wanted to point out the issues with large corporations falling back on these massive safety nets without looking at or caring about the consequences.

Again, I think for the most part we agree with most things in this discussion, it's just constantly that you keep escalating things into personal attacks very quickly, then I fall into the role of defending my positions or attacking you further. It's a toxic mindset to think everyone is out to get you, believe me, I'm the one that has been repeatedly treated for it.