Following the Herd is Dangerous in Cybersecurity
Monoculture solutions expose you to systemic risk
Wine almost stopped existing. The phylloxera infestation, a root-feeding insect pest, destroyed the roots of European vineyards in the 19th century. Only by grafting European vines onto resistant North American rootstock did wine survive.
Similar plagues have affected agricultural crops over the last few centuries. Cash crops typically optimize for short-term profit and ignore long-term risk, because that is what our capitalist economic system optimizes for.
But optimizing that way means you carry systemic risk: one pathogen, or one bad update, takes down everything at once. Which brings us to the CrowdStrike incident last week, in which a faulty update to the CrowdStrike Falcon sensor crashed Windows hosts around the world.
People herd. It’s a natural human tendency. And people have herded around Windows for a quarter century, and by extension, specific tools that support Windows, like Crowdstrike.
There are sound reasons for many enterprises to use Windows, but doing so involves risks that are often overlooked—including the systemic risk you carry by choosing a monoculture solution.
If you do what everyone else does, you do not expose yourself to criticism (“No one ever got fired for buying IBM”). But it does expose your employer to systemic risk.
This is why thinking for yourself, and making decisions independently of what the herd thinks, are important attributes in a strategic security leader such as a CISO.
Now, you could argue that, on balance, looking at the ROI of using Windows, with explicit understanding and acceptance of the systemic risk, it still makes sense for a given enterprise to use that operating system and its monoculture. And that’s a legitimate argument and could still be the right business choice.
But that is rarely where most people are coming from. It is not a controversial statement to say that most people and enterprises use Windows because it is what everyone else uses—that is, most people just follow the herd.
The alternative is either to make your risk analysis and risk acceptance explicit, or to consider strategic options that avoid the systemic risk involved here.
It depends of course on your threat model and the enterprise we are talking about—and sometimes the cost of moving away from Windows is so high as to be prohibitive—but long-term strategic thinking means it’s worth costing out Mac or Linux on the desktop in terms of money and risk.
Maybe it still doesn’t make sense for your employer. And that’s fine. But monoculture solutions expose you to systemic risk. Engage with that risk explicitly.
What decision makes sense for your employer after you’ve done so—well, that’s up to you.