Comment by xkcd-sucks

I'm aware of at least one major academic lab, the kind where the PI is a rockstar scientist-cum-entrepreneur and gets a six figure salary from multiple institutions in addition to spinoff startup income, who has had cryptominer malware on their website servers for a few years and doesn't care to go beyond deleting executable every time the website is updated (which naturally comes back immediately afterwords)

Not that this is "acceptable" by any means, just a single calibration point