Last week, the U.S. Conference of Mayors passed a resolution discouraging cities from paying ransoms to hackers that have taken their systems captive. The underlying logic is pretty straightforward: if bad actors realize that there’s no longer any cash waiting for them at the end of the rainbow, they’ll eventually pack up their ball and go home.

Still, talk is cheap and the infrastructure that cities need to deploy in order to prevent their systems from being held hostage in the first place is not. Without a substantive investment in talent and security solutions, a pact such as the one announced by the Conference of Mayors might not endure the slew of challenges it’s sure to face.