Yeah, that’s pretty risky for this point in time.

I guess the MBA people look at total cost of revenue/reputation loss for things like ransomware recovery, restoration of backups vs the cost of making their IT systems resilient?

Personally, I don’t think so (in many cases) or they’d spend more money on planning/resilience.