It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout.
https://searchsecurity.techtarget.com/tip/Should-companies-pay-ransomware-and-is-it-illegal-to