Honestly yes. What's your threat model here? You don't want your systems held hostage by ransomware gangs. At local levels of government this is the main problem.