I'll skip over Y2K, then.
One of the challenges for companies is getting them to actually identify the critical information in their systems that they need to protect. If you don't know what's critical, you can't protect it all, so you start to layer it down on the things that are more important, then you can start to control who gets access to it.
One of the interesting challenges for a lot of companies, particularly when you're talking about ransomware and small companies, is that they traditionally think they haven't any big trade secrets, nothing that somebody wants to steal.
The problem with ransomware is that they don't want to take anything; they just want to deny you access to whatever you have that's of value to you. For a lot of small companies, that's quite a mind shift to get around, because once they get around that, then they can start to realize why they now have to be taking an interest in ransomware, both in terms of the defence of things—there are some things that can be done—and if it happens how they actually recover from it.