Are companies that refuse to pay a ransom happier that those that pay out? Two new data-driven studies of ransomware payments offer detailed insight into victim companies’ decisions about how to recover from the attacks, with one of the surveys revealing that companies that refused to pay cybercriminals ended up more satisfied than those that did. This first article in a two-part series examines the factors beyond viable backups that helped companies avoid paying ransoms and the recent expansion of perpetrators’ pressure tactics, with commentary from the studies’ authors at NCC Group and Booz Allen Hamilton. The second article will offer a guide to preparing for payment decisions, as well as describing structured approaches to navigating an attack and putting a value on the potential losses. See “First Steps Fund Managers Should Take When Responding to a Ransomware Attack (Part One of Two)” (Dec. 14, 2021).