@SwiftOnSecurity @GossiTheDog it's the complexity versus business risk, multiplied by cost-saving on operations. I.e. by being a high-profile company you end up with
1. complex setup of the infrastructure (built by multiple siloed teams)
2. high profile apps/services with high visibility and criticality
3. ops saving leading to attrition of staff and hence eradication of knowledge

Net result - ops can never formulate proper risk profile hence never get approval from the busness for maintenance