This is like me getting called into a massive cybersecurity incident where the DC has been pwned, the adversary has multiple footholds and C2 channels, telling the business to contain - and the business going, “This is too hard. Maybe if we wait they’ll just go away eventually”.

“But we could segment the network and install EDR on every client...”
“Nah, EDR is too disruptive to the users and they won’t like segmentation.”
“Well, you could invest in a crack forensics team to detect and track the adversary”
“Nah, our department heads won’t agree on that”

“What if I show you some containment and recovery plans that worked for other, similar businesses?”
“Those are our competition, so their plans can’t be any good!”
“You have your own cybersecurity team and they’re recommending the EDR as a last ditch deterrent,”
“I’m firing them.”

“...You realize this incident is going to cause your planned merger to fail, because the other org won’t connect their networks to your incredibly and publicly compromised one?”
“They’ll come around. We’re the better company.”

“Okay... but it’s also going to cause a huge disruption to your operations and profits as computers are continually ransomed and your customer data is constantly stolen by the adversary...”
“I don’t care! We’re not shutting the network down. Or improving security! It’s too hard!”

👆🏻this is how y’all sound

And eventually your triage and response personnel are all going to get burnt out and quit.

Jesus H. Christ. I’m a professional computer incident responder and I can do this better than the people in charge of pandemic response.