Should You Pay Ransomware Demands? (The Honest Answer)
Should organisations pay ransomware demands? Canvas recently paid after a breach exposed student data. Now US Congress is questioning whether payments should be illegal.
In this episode of Razorwire Raw, James Rees tackles the ransomware payment dilemma. Ransomware groups operate like commercial organisations - if they didn't honour agreements to delete data after payment, nobody would pay them. Some negotiators have been caught telling attackers what insurance payouts will cover.
The advice is simple: don't get into that position. Good encryption, proper backups and security resilience dramatically reduce ransomware risk. But when an organisation faces complete failure, the pressure to pay becomes overwhelming.
Should ransomware payments become illegal? What happens to SMBs that can't recover without paying? And with AI accelerating attacks, how do organisations balance prevention with reality?
Security needs to happen before the incident, not after. Once the horse has bolted, your options are limited.
⸻
For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.
If you need consultation, visit https://www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.