Surely he's not referring to all enterprises.
". . . If enterprises don't start making strides towards defensible architecture today, massive ransoms may end up getting paid tomorrow."
Nothing is perfect, but I am disappointed that the all inclusive word "enterprises" is used here instead of mentioning exactly whom this is referring to. At the extremes there are a number of operating systems which are indeed working specifically on this task. Even some more common ones make this an important consideration. I feel that some very hard working software architects are being unfairly put down here.