I have many, many examples of organizations closing the door after the horse is long gone, as in Maxim #1. The most painful one was where I warned the CEO of a small, public software firm that (1) developers were not saving all their data and code on the server, but instead keeping it on their local machines because that was much easier and faster and (2) we were only backing up the servers. Because we were a public firm, we had to make our quarterly numbers or else the stock would tank. I told him the cost to back up the workstations and recommended that we do so, but he decided against it.

So about a week before the end of a quarter, the machine of the primary QA developer working on a new release that was expected to come out in that quarter failed. All the work was lost, the product was not released on time, stock tanked, lots of very, very unhappy people. The CEO brought me into his office that same day and told me to spend whatever it took to back up all the workstations. Because I had identified the risks beforehand, there was not much else he could do.

As a system admin you need to identify the risks to management. They may or, as in this case, may not act on the risks. If they choose not to act, then you must prepare as best you can to recover when the event happens. It is more difficult these days as the risks are larger (e.g. ransomware), more insidious (e.g. attacks on supply chain vendors), and many are human-related (e.g. social engineering cyberattacks) that technology really cannot solve or mitigate.
Tuesday, January 14, 2025