A bit too much...
... complacency, as ever for a CSO. Of course a CSO must *never* do or say anything that could affect share values, so anodyne announcements are par for the course. However... it took you TWO HOURS to shut down a ransomware attempt?
"He described how one ransomware attacker compromised a staffer's machine which off site, and began encrypting files across the corporate network once the infected computer was connected to the office intranet."
Yes.. and how does that happen? He appears to be trying to give the impression that some nasty "attacker" succeeded in somehow compromising the computer of a "staffer" while the machine was off site. No doubt some incredibly clever and devious technical attack that sneaked past the robust configuration and defences of the corporate machine. Which is bollocks.
Mr Occam says that the "staffer" did something stupid. They were phished or spear phished, or they were browsing pr0n on a corporate computer or downloading WaReZ or something equally stupid such as using USB sticks that had been used on an internet-facing system. But the event was not detected by the AV fitted to the machine (if any) and when re-connected to the corporate network it started on its merry way to do what ransomware does. If it was from a USB stick then shame on Airbus for not having end-point protection.
That is a gross failure on the part of Airbus to secure their machines properly, on the part of the employee doing something with a corporate machine that they shouldn't have been doing and again on the part of Airbus for not providing appropriate training about the need to ensure that dodgy crap doesn't end up on a corporate system.